Log Capturing and Event Correlation

HomeIncident Handling Exercises

Log Capturing and Event Correlation

Every device on a network generates some kind of logs for each and every action carried out on the network. Capturing and analyzing the log files are important tasks for investigating the security posture of the target network, as they contain information about all the system, device, and user activities that took place within the network.

Objective

TThe objective of this lab is to provide the forensic investigator knowledge on capturing and analyzing the logs of a network and other responsibilities. The lab aims to capture and analyze:

Log Capturing and Event Correlation

Security event logs
Application event logs
System event logs
Other logs of Microsoft Windows operating systems

Scenario

James is working as a team leader in an MNC company. Sam is an efficient, honest, and dedicated member of James's team, but recently James noticed a big drop in Sam's performance. Through the other team members, James found out that Sam is wasting a lot of time browsing and chatting on social networking sites. James called Sam to ask him to explain the drop in his performance, and Sam lied, saying his current project is very difficult to understand and time consuming. Before taking any serious action against Sam, James wants to capture and analyze all the logs of Sam's computer to know how he is spending his time in the office.

Log Capturing and Event Correlation

Incident Handling Exercises / Log Capturing and Event Correlation contains the following Exercises:

Investigating System Log Data Using XpoLog Center Suite Tool
Viewing Event Logs Using Kiwi Syslog Server Tool

The Virtual Private Cloud for this Lab set utilizes:

Microsoft Windows Server 2008Steve Graham2014-08-14T17:55:19-04:00

Permalink
Gallery
Microsoft Windows Server 2008
Microsoft Windows 7Steve Graham2014-08-14T14:22:31-04:00

Permalink
Gallery
Microsoft Windows 7

Incident Handling Exercises are available as part of the following subscription:

CEHproductimage

Each subscription provides 6 months access to over 75 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.

Lab exercises are included for:

Trojans and Backdoors
Computer Forensics Investigation Process
Understanding Hard Disks and File Systems
Forensics Investigation Using AccessData FTK
Forensics Investigation Using EnCase
Log Capturing and Event Correlation

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Others