Knowledge Base

Analyzing-IDS-Logs

Analyzing IDS Logs

1 Comment / CHFI, Knowledge Base / By

Analyzing IDS Logs in this Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated network security devices in use today.These systems’ logs contain valuable network threat information about attack types, devices being targeted, and more. Intrusion Detection Systems (IDS) are automated systems that monitor and analyze network traffic and generate “alerts” in response to activity that either match known patterns of malicious activities or is unusual. … IDS can be either network or host-based. In addition …

Analyzing IDS Logs Read More »

Analyzing-Firewall-Logs

Analyzing Firewall Logs

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Firewall Logs provides insight in to the security threats and traffic behavior. In depth analysis of the firewall security logs provides critical network intelligence about attempts to breach security and attacks like virus, trojan, denial of service, etc. From the Network Objects tree, double-click the Security Management Server or Domain Log Server. The General Properties window opens. In the Management tab, select Logging & Status. From the navigation tree, click Logs.  is a simple and free online …

Analyzing Firewall Logs Read More »

Analyzing-Router-Logs-in-Network-Forensic-Investigation

Analyzing Router Logs in Network Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Router Logs in Network Forensic Investigation, in this the investigator collects the logs of a router to examine and determine the details such as IP addresses and the protocols. Redirection of the logs to syslog server is done in the following mariner: #config terminal Logging 192.168.1.1 During any network hacking, or unauthorized access scenarios, all the logs pertaining to the attack will be stored in the compromised device, which may be the router/switch, database, IDS, …

Analyzing Router Logs in Network Forensic Investigation Read More »

Understand-Network-Forensics-Analysis-Mechanism

Understand Network Forensics Analysis Mechanism

Leave a Comment / CHFI, Knowledge Base / By

This network forensics analysis mechanism includes presenting the evidence, manipulating, and automated reasoning. Analyst Interface The analyst interface provides visualization of the evidence graph and reasoning results to the analyst, who passes the feedback to the graph generation and reasoning components. Evidence Collection Evidence collection involves the collection of intrusion evidence from networks and hosts under investigation. Evidence Preprocessing Evidence preprocessing deals with the analysis of assertive types of evidence, such as intrusion alerts, into …

Understand Network Forensics Analysis Mechanism Read More »

Summarize-the-Event-Correlation

Summarize the Event Correlation

Leave a Comment / CHFI, Knowledge Base / By

Summarize the Event Correlation in this article Event correlation is a technique used to assign a new meaning for relating a set of events that occur in a fixed amount of time. This event correlation technique identifies a few events that are important among the large number of events. During the process of event correlation, some new events may occur and delete some existing events from the event stream. In general, the investigators can perform …

Summarize the Event Correlation Read More »

Understand-Laws-and-Regulations

Understand Laws and Regulations

Leave a Comment / CHFI, Knowledge Base / By

Understand Laws and Regulations in this there are many laws that affect digital forensics investigation; for example, some jurisdictions have passed laws that require the investigator to be either a law enforcement officer or a licensed private investigator to extract the evidence. Of course, that does not prevent a forensic investigator from working with information someone else extracted or extracting evidence if the information owner gave his or her permission. It is important to be …

Understand Laws and Regulations Read More »

Linux-Forensics

Linux Forensics

Leave a Comment / CHFI, Knowledge Base / By

Linux forensics refers to performing forensic investigation on a Linux operated device. To do so, the investigators should have a good understanding on the techniques required to conduct live analysis; to collect volatile and non-volatile data, along with knowledge of various shell commands and the information they can retrieve. The investigators should also be aware of the Linux log files, their storage and location in the directory, as they are the most important sources of information …

Linux Forensics Read More »

Understand-Metadata-Investigation

Understand Metadata Investigation

Leave a Comment / CHFI, Knowledge Base / By

Metadata Investigation in this Metadata is the information related to the data stored on the system or a device. It contains details such as type of file, time of creation and modification, location, etc. Investigators can extract metadata to find the internal details of any file or application. Understanding Metadata Metadata is structured data, which gives information about certain characteristics of electronic data, including the time and the person that created, accessed, and modified the …

Understand Metadata Investigation Read More »

Cache-and-Cookies-and-History-Recorded-in-Web-Browser

Understand Cache,Cookies and History Recorded in Web Browser

Leave a Comment / CHFI, Knowledge Base / By

This article explain Understand Cache, Cookies as well as History Recorded in Web Browser in forensic investigation. their is different type of tools for analysis also. Windows Forensics Methodology Operating systems use applications called browsers to attach with internet and permit users to access the external servers and cloud data. The browsers save data on the system within the sort of cache, cookies, and history. Investigators can gather this information and analyze it to seek …

Understand Cache,Cookies and History Recorded in Web Browser Read More »

Memory-Dump

What is Memory Dump?

Leave a Comment / CHFI, Knowledge Base / By

MemoryDump or crash dump is a storage space, where the system stores a memory backup, in case of a system failure. The system also creates a memorydump when it does not have enough memory for system operation. This backup enables users to examine the cause of the system crash and helps to know about any errors in the applications or in the operating system. In Windows systems it is also known as the blue screen …

What is Memory Dump? Read More »