Using open source tools to collect memory and analyze it as part of a forensic investigation.
INFORMATION INCLUDED IN THIS CHAPTER:
• Windows event logs
• Unix Syslog
• Application logs
• Mac OS X logs
• Security logs
System administrators rely on log files as part of their everyday work. Without log files, an administrator would be unable to determine what happened when something goes wrong. These are essential system files. However, they are not only essential for system administrators. They can also be very good sources of information for a forensics professional, no matter what platform the logs are on. Windows systems have a ...