Chapter 8

Log Files

Abstract

Using open source tools to collect memory and analyze it as part of a forensic investigation.

Keywords

operating systems
forensics
operating environments

INFORMATION INCLUDED IN THIS CHAPTER:

Windows event logs
Unix Syslog
Application logs
Mac OS X logs
Security logs
Auditing

Introduction

System administrators rely on log files as part of their everyday work. Without log files, an administrator would have no way to determine what happened when something goes wrong, so these are essential system files. They are not essential only to system administrators, however. Log files are also a very good source of evidence for a forensic investigator, whatever platform they come from. Windows systems have a ...

Get Operating System Forensics now with the O’Reilly learning platform.
