Forensics Analysis Computer Network System
Computer Security Logs Forensics
- Computer security logs contain information about the events occurring within an organization's systems & networks.
|Security Logs category|Description|
|---|---|
|Operating System Logs|Logs of operating systems, servers, workstations & network devices|
|Application Logs|Logs of applications running on the system|
|Security Software Logs|Logs of network- & host-based security software|
Operating system Logs Forensics
- Operating system logs are most beneficial for identifying or investigating suspicious activities involving a particular host.
|Log type|Contents|
|---|---|
|Event Logs|Information about operational actions performed by OS components|
|Audit Logs|Security event information such as successful & failed authentication attempts, file accesses, security policy changes & account changes|
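Added example (not part of the original notes): a small Python script that parses audit log lines of the kind described above, here constructed sample lines in Linux auth.log (sshd) format, counts successful & failed authentication attempts per source address, and flags a source whose run of failures is followed by a success. The log lines and the failure threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Linux auth.log (sshd) format; not taken from a real system.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:01:15 host1 sshd[2211]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  3 10:01:20 host1 sshd[2215]: Accepted password for alice from 198.51.100.7 port 40211 ssh2
Mar  3 10:02:01 host1 sshd[2218]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:02:09 host1 sshd[2220]: Accepted password for root from 203.0.113.5 port 51031 ssh2
Mar  3 10:03:00 host1 sshd[2230]: Failed password for bob from 192.0.2.9 port 33000 ssh2
"""

# Matches sshd audit lines for both successful and failed authentication attempts.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

def parse_auth_log(text):
    """Return one dict per recognised authentication event, in file order."""
    return [m.groupdict() for m in map(AUTH_RE.match, text.splitlines()) if m]

def summarize_by_source(events):
    """Count failed/accepted logins and the user names tried, per source address."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for ev in events:
        entry = summary[ev["src"]]
        entry["failed" if ev["result"] == "Failed" else "accepted"] += 1
        entry["users"].add(ev["user"])
    return dict(summary)

def flag_failures_then_success(events, threshold=3):
    """Return sources that reached `threshold` failures before a later Accepted login.
    A run of failures followed by a success is a classic pattern worth reviewing."""
    failures_so_far = defaultdict(int)
    flagged = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures_so_far[src] += 1
        elif failures_so_far[src] >= threshold and src not in flagged:
            flagged.append(src)
    return flagged

if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    for src, info in summarize_by_source(evs).items():
        print(src, info["failed"], "failed,", info["accepted"], "accepted, users:", sorted(info["users"]))
    print("review:", flag_failures_then_success(evs))
```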
Application Logs Forensics
- Application logs consist of all the events logged by the programs.
- Which events are written to the application logs is determined by the developers of the software programs.
- Common Log information
- Client requests & server responses
- Account information
- Usage information
- Significant operational actions
Security Software Logs Forensics :- These are very important logs from an investigation point of view.
- Antimalware Software
- IDS / IPS logs
- Remote access software
- web proxies
- Vulnerability Management Service / Software
- Authentication Server
- Network Quarantine Server
- Antivirus logs
Router Log Files Forensics
- Routers store log files in the router cache.
- It is recommended to take a bit-stream image of the router cache.
- It provides detailed information about the network traffic to and from the internet.
- It gives information about attacks to and from the network.
Linux Process Accounting Forensics
- Linux process accounting tracks the commands that each user executes.
- The process accounting logs are stored under /var/adm, /var/log or /usr/adm.
- The tracking files can be viewed with the lastcomm command.
- Process tracking is enabled with the accton command or the startup (/usr/lib/acct/startup) command.
Windows Log files Forensics
- Windows event log files are stored in %systemroot%\system32\winevt\logs\ (including the events that appear in the Security log).