Every device on a network generates some kind of log for the actions carried out on or through it. Capturing and analyzing these log files are important steps in investigating the security posture of the target network, because the logs record the system, device, and user activity that took place within the network.

Objective

The objective of this lab is to give the forensic investigator a solid understanding of how to capture and analyze the logs of a network, along with the related investigative responsibilities. The lab aims to capture and analyze:

  • Security event logs
  • Application event logs
  • System event logs
  • Other logs of Microsoft Windows operating systems

Scenario

James is working as a team leader in an MNC. Sam is an efficient, honest, and dedicated member of James's team, but recently James noticed a big drop in Sam's performance. Through speaking with the other team members, James found out that Sam is wasting a lot of time browsing and chatting on social networking sites. James called Sam in to explain the drop in his performance, and Sam lied, saying his current project was very difficult to understand and time consuming. Before taking any serious action against Sam, James wants to capture and analyze all the logs of Sam's computer to learn how he is spending his time in the office. This way, he will be able to see whether the rumors spread by the coworkers are true.

Log Capturing and Event Correlation

Computer Forensics Exercises / Log Capturing and Event Correlation contains the following Exercises:

  • Investigating System Log Data Using XpoLog Center Suite Tool
  • Viewing Event Logs Using Kiwi Syslog Server Tool

The Virtual Private Cloud for this Lab set utilizes:


Computer Forensics Exercises are available as part of the following subscription:

Each subscription provides 6 months of access to 34 different exercises. Each exercise contains a Scenario, Objectives, and individual step-by-step tasks to guide the user through all steps necessary to complete the exercise. The Computer Forensics Exercises are designed to give the user an ultimate hands-on experience. Each exercise category above has its own Virtual Private Cloud that comes preconfigured with vulnerable websites and victim machines, and the environment is loaded with tools; we even provide investigation files, hard disk clones, and targets. Included in your network share are all the supporting tools required to practice in the Cyber Range / Lab environment.

Lab exercises are included for:

  • Computer Forensics Investigation Process
  • Computer Forensics Lab
  • Understanding Hard Disks and File Systems
  • Windows Forensics
  • Data Acquisition and Duplication
  • Recovering Deleted Files and Partitions
  • Forensics Investigation Using AccessData FTK
  • Forensics Investigation Using EnCase
  • Steganography and Image File Forensics
  • Application Password Crackers
  • Log Capturing and Event Correlation
  • Network Forensics, Investigating Logs and Investigating Network Traffic
  • Investigating Wireless Attacks
  • Tracking & Investigating Email Crimes
  • Mobile Forensics
  • Investigative Reports
Price: $199