From the course: Learning Cyber Incident Response and Digital Forensics
Conducting log analysis
- [Instructor] In this lesson, you're going to learn how to conduct some basic log analysis. Now, in order to do this, we have to be able to gather the log files from the suspect's computer that we already collected as part of that disk image. Again, this is going to be found inside of JohnSmithsPC.001_147Host as that image file because this contained the entire Windows operating system, as well as everything on that C drive, both what was already there, what was deleted and what was in the slack space. So to be able to go through the logs, we just need to go into the C drive of that machine and then access the logs using our forensic workstation's Event Viewer tool. To do this, we'll simply go over to the JohnSmithsPC that we want to look at and double-click it and then double-click JohnSmithsPC hard drive, which will show me all the different partitions, or volumes, on there. Once we do that, we see volume six, which is…