From the course: Network Forensics
Network logs as evidence
- [Instructor] Network logs are records of user activities on hosts, including intrusion attempts and security events. They are the primary sources of information investigators use to prove a crime. However, it's important to note that network logs are also susceptible to attacks. Intruders can change, delete, and add an entry to cover their tracks. Because of this possibility of tampering, courts don't automatically accept network logs as credible evidence unless they meet certain criteria. Prosecutors are responsible for providing witnesses to testify about the logs' integrity, reliability, and accuracy before they become admissible to the court. The custodians of the systems generating the log files are expected to be able to strongly support their authenticity. A history of prior breaches seriously weakens the credibility of the witness, and the court may even reject the log data. Another requirement is keeping logs as a regular business practice, which is often required as part of…