Using open source tools to collect memory and analyze it as part of a forensic investigation.
Keywords
operating systems
forensics
operating environments
INFORMATION INCLUDED IN THIS CHAPTER:
• Windows event logs
• Unix Syslog
• Application logs
• Mac OS X logs
• Security logs
• Auditing
Introduction
System administrators rely on log files as part of their everyday lives. Without log files, an administrator would be unable to determine what happened when something went wrong. These are essential system files. However, they are not essential only for system administrators. They can also be very good sources of information for a forensics professional, no matter what platform the logs come from. Windows systems have a ...