Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs.

Published byAdelia Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs."— Presentation transcript:

1 Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs

2 Chapter Topics: Locate and find evidence in IIS logs Locate and find evidence in FTP server logs Locate and find evidence in DHCP logs Locate and find evidence in Windows 7 firewall logs

3 Parsing IIS Logs IIS Management console

4 Parsing IIS Logs W3C Extended format is default setting –U_exyymmdd.log –All timestamps and entries recorded in GMT c- = client actions s- = server actions cs- = client to server actions sc- = server to client actions

5 Parsing IIS Logs Server status codes –200 = OK –400 = Bad Request –404 = Not Found –500 = Internal Server Error

6 Parsing FTP Logs File Transfer Protocol server –Same format as IIS W3C Extended Does not record the following: –cs-uri-query –cs-host –cs(User-Agent) –cs(Cookie) –cs(Referrer)

7 Parsing FTP Logs Server Status Codes different from IIS –220 = Service ready for new user –225 = Data connection open –230 = User logged on Timestamps stored using GMT by default

8 Parsing DHCP Logs Dynamic Host Configuration Protocol –Tracks leased IP addresses to requesting clients Format –ID –Date –Time –Description –IP address –Host Name –MAC Address

9 Parsing Windows Firewall Logs Disabled by default Logs are stored in W3C Extended format –Extended Fields used: Date Time Action Protocol src-ip dst-ip src-port dst-port

10 Parsing Windows Firewall Logs

Download ppt "Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs."

Similar presentations

Certification Training for Technicians Part 6 – Trouble shooting Page 6 - 1.

Certification Training for Technicians Part 6 – Trouble shooting Page
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.
CSIT 320 (Blum) 1 DHCP. CSIT 320 (Blum) 2 Dynamic Host Configuration Protocol does not require an administrator to add an entry for a computer into the.

CSIT 320 (Blum) 1 DHCP. CSIT 320 (Blum) 2 Dynamic Host Configuration Protocol does not require an administrator to add an entry for a computer into the.
KX-NS1000 Initial Set Up For step by step : 16 May, 2012 1.

KX-NS1000 Initial Set Up For step by step : 16 May,
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.

History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
DHCP Dynamic Host Configuration Protocol by: Kirk Z. Moreno.

DHCP Dynamic Host Configuration Protocol by: Kirk Z. Moreno.
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.

Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 18 Host Configuration: DHCP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 18 Host Configuration: DHCP.
Host Configuration: BOOTP and DHCP

Host Configuration: BOOTP and DHCP
Mastering Windows Network Forensics and Investigation Chapter 9: Registry Evidence.

Mastering Windows Network Forensics and Investigation Chapter 9: Registry Evidence.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
DHCP Server © N. Ganesan, Ph.D.. Reference DHCP Server Issues or leases dynamic IP addresses to clients in a network The lease can be subject to various.

DHCP Server © N. Ganesan, Ph.D.. Reference DHCP Server Issues or leases dynamic IP addresses to clients in a network The lease can be subject to various.
Ch 8-3 Working with domains and Active Directory.

Ch 8-3 Working with domains and Active Directory.
Installing a DHCP Server role on Windows Server 2008 R2 in a home network. This is intended as a guide to install the DHCP role on a Domain Controller.

Installing a DHCP Server role on Windows Server 2008 R2 in a home network. This is intended as a guide to install the DHCP role on a Domain Controller.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 4: Dynamic Host Configuration Protocol.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 4: Dynamic Host Configuration Protocol.
FTP File Transfer Protocol. Introduction transfer file to/from remote host client/server model  client: side that initiates transfer (either to/from.

FTP File Transfer Protocol. Introduction transfer file to/from remote host client/server model  client: side that initiates transfer (either to/from.

Similar presentations

Ads by Google