From the course: Network Forensics


Audit logs

- [Instructor] Audit logs are chronological records that provide documented evidence of the sequence of activities relevant to security events. They record transactions by users, systems, and other entities. An audit trail is another name for audit logs. Maintaining a strong audit trail is critical in network forensics, and here is why. First, it provides accountability. Logs tie accounts and people to security events. Based on this information, organizations find out who did what, and how their system responded. They can also take punitive or corrective actions such as more training or education. Next is reconstruction. Network forensic specialists can piece together a series of related activities sequentially before and during a security incident. Anomaly detection is another benefit because log data provides raw materials for spotting any suspicious activities. Linux keeps its audit trail by maintaining a number of log files. You can find them under the /var/log directory. Type cd…
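As an added example that is not part of the course, the script below applies the three benefits named above to constructed /var/log/auth.log-style lines: it ties each event to an account and source (accountability), sorts them into a timeline (reconstruction), and flags sources with a burst of failed SSH logins (anomaly detection). The hostnames, usernames and addresses are invented sample data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog format used by /var/log/auth.log (not real data).
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 host sshd[1201]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Mar 10 09:12:05 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 09:13:40 host sshd[1210]: Failed password for root from 203.0.113.7 port 41000 ssh2
Mar 10 09:13:42 host sshd[1211]: Failed password for root from 203.0.113.7 port 41002 ssh2
Mar 10 09:13:44 host sshd[1212]: Failed password for admin from 203.0.113.7 port 41004 ssh2
Mar 10 09:13:47 host sshd[1213]: Failed password for admin from 203.0.113.7 port 41006 ssh2
Mar 10 09:13:50 host sshd[1214]: Failed password for admin from 203.0.113.7 port 41008 ssh2
Mar 10 09:15:02 host sshd[1220]: Accepted publickey for bob from 10.0.0.9 port 50300 ssh2
"""

# Accountability: each pattern extracts who (user), from where (src) and what happened.
SSH_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")

def _ts(stamp, year):
    """syslog timestamps carry no year, so the analyst supplies it."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def parse_auth_log(text, year=2024):
    """Reconstruction: return recognised events as dicts in chronological order."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"], year), "user": m["user"], "src": m["src"],
                           "event": "ssh_" + m["result"].lower()})
            continue
        m = SUDO_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"], year), "user": m["user"], "src": "local",
                           "event": f"sudo as {m['target']}: {m['cmd']}"})
    events.sort(key=lambda e: e["ts"])  # stable sort keeps same-second order from the file
    return events

def failed_login_bursts(events, threshold=5):
    """Anomaly detection: sources with at least `threshold` failed SSH logins."""
    counts = defaultdict(int)
    for e in events:
        if e["event"] == "ssh_failed":
            counts[e["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for e in parse_auth_log(SAMPLE_AUTH_LOG):
        print(e["ts"], e["user"], e["src"], e["event"])
    print("failed-login bursts:", failed_login_bursts(parse_auth_log(SAMPLE_AUTH_LOG)))
```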
