From the course: Network Forensics


Network logs as evidence


- [Lecturer] Network logs are the records of user activities on hosts, some of which include intrusion attempts and security events. They are the primary sources of information investigators use to prove a crime. However, it's important to note that network logs are also susceptible to attacks. Intruders can change, delete, and add entries to cover their tracks. Because of this possibility of tampering, courts don't automatically accept network logs as credible evidence unless they meet certain criteria. Prosecutors are responsible for providing witnesses to testify to the integrity, reliability, and accuracy of the logs before they become admissible in court. The expectation is that the custodians of the systems generating the log files can strongly support their authenticity. A history of prior breaches seriously weakens the credibility of the witnesses, and the court may even reject the log data. Another requirement is keeping logs as a regular business practice, which is often…
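The three tampering actions the lecturer names (an entry changed, deleted, or added) are exactly what a tamper-evident log chain is designed to expose, and a verifiable chain is one concrete way a custodian can back up the integrity claim a court asks for. The block below is an added example, not code from the course or from any product it describes: the syslog-style lines, the signing key, and the function names (`seal_log`, `verify_log`, `tamper_report`) are constructed for illustration. Each record's HMAC covers the previous record's HMAC, so any edit, removal, or insertion breaks every link after it; the one case a bare chain cannot see, silent truncation of the newest records, is caught by comparing against a head value kept off the logging host.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed sample log (not from the course), syslog-style, showing a
# brute-force login followed by a suspicious outbound connection.
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 DPT=443",
    "2024-03-01T10:00:04Z fw01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022",
    "2024-03-01T10:00:05Z fw01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022",
    "2024-03-01T10:00:09Z fw01 sshd[2240]: Accepted password for root from 203.0.113.7 port 51030",
    "2024-03-01T10:00:30Z fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.20 DST=203.0.113.7 DPT=4444",
]

# Hypothetical key for the demo. In practice the collector holds it, not the
# host being logged, so a host compromise does not hand the key to the intruder.
SIGNING_KEY = b"demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor for the first record


def _link_mac(key: bytes, prev_mac: str, entry: str) -> str:
    """HMAC-SHA256 over (previous MAC, entry): this is what chains records."""
    return hmac.new(key, (prev_mac + "\n" + entry).encode(), hashlib.sha256).hexdigest()


def seal_log(lines: List[str], key: bytes) -> List[Dict[str, str]]:
    """Attach a chained MAC to every line, in order."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _link_mac(key, prev, line)
        sealed.append({"entry": line, "mac": prev})
    return sealed


def head_mac(sealed: List[Dict[str, str]]) -> str:
    """The last MAC; ship this off-host so truncation is detectable."""
    return sealed[-1]["mac"] if sealed else GENESIS


def verify_log(sealed: List[Dict[str, str]], key: bytes,
               expected_head: Optional[str] = None) -> Optional[str]:
    """Return None if the chain is intact, else a description of the first break."""
    prev = GENESIS
    for i, rec in enumerate(sealed):
        if not hmac.compare_digest(rec["mac"], _link_mac(key, prev, rec["entry"])):
            return f"chain broken at record {i}: {rec['entry'][:40]!r}"
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return "chain intact but head mismatch: trailing records missing or log truncated"
    return None


def tamper_report() -> Dict[str, Optional[str]]:
    """Run the lecturer's three tampering cases plus truncation against the chain."""
    sealed = seal_log(SAMPLE_LOG, SIGNING_KEY)
    head = head_mac(sealed)

    # Change: the intruder rewrites the successful login as a failure.
    changed = [dict(r) for r in sealed]
    changed[3]["entry"] = changed[3]["entry"].replace("Accepted", "Failed")

    # Delete: the intruder drops the first failed-password line.
    deleted = [dict(r) for r in sealed if r is not sealed[1]]

    # Add: the intruder inserts a benign-looking line without knowing the key.
    added = [dict(r) for r in sealed]
    added.insert(2, {"entry": "2024-03-01T10:00:04Z fw01 sshd[2231]: Connection closed",
                     "mac": "f" * 64})

    # Truncate: the newest record is removed; only the off-host head reveals it.
    truncated = sealed[:-1]

    return {
        "intact": verify_log(sealed, SIGNING_KEY, head),
        "changed": verify_log(changed, SIGNING_KEY, head),
        "deleted": verify_log(deleted, SIGNING_KEY, head),
        "added": verify_log(added, SIGNING_KEY, head),
        "truncated_no_head": verify_log(truncated, SIGNING_KEY),
        "truncated_with_head": verify_log(truncated, SIGNING_KEY, head),
    }


if __name__ == "__main__":
    for case, result in tamper_report().items():
        print(f"{case:20s} -> {result or 'OK'}")
```

The chain only proves what it is fed: an intruder who obtains the key, or who edits a line before it is sealed, leaves no trace. That is why the key and the head value belong on a separate collector with its own access controls, and why the custodian's testimony about that separation matters as much as the arithmetic.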
