Saya jadi ingat pengalaman saya bekerja di banking dan diminta untuk melalukan trace atas transaksi fraud kartu kredit. Tidak mudah karena saya hanya mengandalkan log terjadinya koneksi, tidak bisa mengambil informasi lebih detail, seperti yang sekarang ada di syslog dan eventlog.
Log Forensic Analysis: Constructing the Crime Scene
Most often companies fail to track down the network intruder who initiated the network breach. It is impossible to protect your network against every attack in spite of taking the best precautions to mitigate the attacks from happening. All attackers leave traces and your event log data and syslog data is the only thing that can help you identify the cause of the breach and even narrow down to tell you who initiated the breach. Log data forensics analysis report can be used as evidence in the court of law.
Your network infrastructure comprising of network devices such as routers, switches, firewalls, servers, etc. generate event log data and syslog data every time an activity occurs on your network. Event log data and system log data activity records are like digital fingerprints left by everyone who accessed the network devices and applications. These digital fingerprints can tell you at what time the network activity was initiated, what happened after that and who initiated that activity. These digital fingerprints will help you in constructing the entire crime scene.
Doing forensics manually on your event log data and syslog data without proper log forensics tools is painful and time consuming. Also, you need to ensure that the log data is kept secure and tamper proof for accurate log forensic analysis.
EventLog Analyzer for Log Forensics
EventLog Analyzer allows you to centrally collect, archive, analyze machine generated logs obtained from heterogeneous systems, network devices and applications, and generates forensic reports (like user activity reports, system audit reports, regulatory compliance reports, etc...)
This log analytics and compliance reporting software helps you conduct network forensics on these collected logs and detect network or system anomalies. These machine generated event logs and syslogs are archived, for future forensic analysis, and also encrypted to ensure that the collected system logs are not tampered with and are secure. You can drill down to the raw log events and do a root cause analysis within minutes.
|
Forensic Analysis using Raw Log Search
EventLog Analyzer makes forensic investigation very easy by allowing you to use its powerful search engine to search on both the raw and formatted logs and instantly generate forensic reports based on the search results.This log forensics software enables network administrators to search the raw logs to pinpoint the exact log entry which caused the security activity, find the exact time at which the corresponding security event had happened, who initiated the activity and also, the location from where the activity originated.
This search feature in EventLog Analyzer will help you to quickly track down the network intruder and is quite useful to law enforcing authorities for forensic analysis. Archived logs can be imported and security incident mining can be carried out by searching the raw logs. This makes forensic investigation easy, which is otherwise a task with huge manually effort.
|