Chapter 11: Text-based Logs

Locate and find evidence in Windows IIS 7.5 logs. Windows servers running the IIS web server create extremely detailed logs, and logging is enabled by default. Usually these servers face the Internet and are available to the public at large. Sometimes they sit on intranets or private networks, serving a limited clientele. These intranet servers usually aren’t as well secured as their public counterparts and are often targeted when private networks are compromised. Regardless of whether a server is public or private, its logs often contain valuable information for the network investigator.
Master It Where are IIS logs stored? In which format are they stored by default? When you see a time in the default ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with O’Reilly online learning.