Sample DHCP Audit Log File
A DHCP server on a network allocates an IP address to a computer when it starts up. The DHCP server logs therefore contain information about the systems that were assigned specific IP addresses by the server at any given time. Investigators can examine these logs during forensic examinations.
DHCP administrators can easily access this data using the built-in logging mechanisms. The DHCP activity log can be read in a text-based editor and is stored in the C:\Windows\System32\DHCP folder. A log is created for each day of the week and named, for instance, DhcpSrvLog-Wed.log.
DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations, which are the same as those used by the Bootstrap Protocol (BOOTP). UDP port 67 is the destination port of the server, and UDP port 68 is used by the client.
The C:\Windows\System32\dhcp folder on DHCP servers stores the DHCP logs, while the C:\Windows\System32\dhcp\backup folder contains a backup of the dhcp folder. The DHCP server log file format includes fields for ID, date, time, description, IP address, host name, and MAC address.
Evidence Gathering at the Data Link Layer: DHCP Database
The DHCP database provides a means of determining the MAC addresses associated with the computer in custody. This database helps determine the MAC address in case DHCP is unable to maintain a permanent log of the request received.
The DHCP server maintains a list of recent queries along with the MAC address and IP address. Investigators can query the database by giving the time period during which the given IP address accessed the server.
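An added example (not from the original article or from any Microsoft tooling): a small Python parser for the seven log fields listed earlier that answers which MAC address held a given IP address during a time window. The sample rows are constructed, and the meaning of event IDs 10, 11 and 12 (new lease, renewal, release) and the MM/DD/YY date format are assumptions about the Windows DHCP audit log.

```python
import csv
from datetime import datetime

# Constructed sample using the seven fields the article lists; hosts, addresses
# and times are invented. Real files carry a text header and extra columns.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,05/15/24,08:01:12,Assign,192.168.1.50,WKSTN-01.example.local,00155D010203
11,05/15/24,12:01:12,Renew,192.168.1.50,WKSTN-01.example.local,00155D010203
12,05/15/24,13:30:00,Release,192.168.1.50,WKSTN-01.example.local,00155D010203
10,05/15/24,13:45:09,Assign,192.168.1.50,LAPTOP-7.example.local,00155DAABBCC
10,05/15/24,14:10:00,Assign,192.168.1.51,WKSTN-02.example.local,00155D0A0B0C
"""

FIELDS = ["id", "date", "time", "description", "ip", "host", "mac"]
LEASE_EVENTS = {"10", "11"}  # assumed event IDs: new lease, renewal
RELEASE_EVENT = "12"         # assumed event ID: lease released by the client


def parse_log(text):
    """Yield one dict per event row, skipping header text and malformed rows."""
    for row in csv.reader(text.splitlines()):
        if len(row) < len(FIELDS) or not row[0].strip().isdigit():
            continue  # header block, column titles or blank line
        rec = dict(zip(FIELDS, (c.strip() for c in row)))  # extra columns ignored
        try:  # assumption: MM/DD/YY dates and 24-hour times
            stamp = rec["date"] + " " + rec["time"]
            rec["when"] = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue
        yield rec


def holders(text, ip, start, end):
    """Return (mac, host, lease_start, lease_end) for leases on ip overlapping the window."""
    intervals = []  # [mac, host, start, end]; end None = no release logged
    for rec in parse_log(text):
        if rec["ip"] != ip:
            continue
        cur = intervals[-1] if intervals and intervals[-1][3] is None else None
        if rec["id"] in LEASE_EVENTS and not (cur and cur[0] == rec["mac"]):
            if cur:
                cur[3] = rec["when"]  # a different client took over the address
            intervals.append([rec["mac"], rec["host"], rec["when"], None])
        elif rec["id"] == RELEASE_EVENT and cur:
            cur[3] = rec["when"]
    return [tuple(i) for i in intervals
            if i[2] <= end and (i[3] is None or i[3] >= start)]
```

A lease end of `None` means no release or takeover was logged in the file examined, not that the lease is still valid; the previous day's log may also hold the assignment that was active at the start of the window.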
Investigators can also refer to the ARP table during an investigation to determine the MAC addresses. The ARP table maintained on the router is of crucial importance, because it can provide information about the MAC addresses of all the hosts involved in recent communication.
Investigators can document the ARP table by any of the following means:
- Taking a photograph of the computer screen
- Taking a screenshot of the table and saving it on the disk
- Using the HyperTerminal logging facility
ODBC Logging
ODBC logging records a fixed set of data fields in an ODBC-compliant database, such as Microsoft Access or Microsoft SQL Server. With ODBC logging, a database must be set up to receive the data, and this database must be specified to record the log files.
For computers running SQL Server, the IIS ODBC logging table can be created with a Transact-SQL script named logtemp.sql, which is included with IIS.
The steps to create the ODBC logging table are as follows:
- Log on to the server with a user account that has administrative access on the computer that is running SQL Server
- Open SQL Server Query Analyzer
- On the File menu, choose Open
- Locate the %Windir%\System32\inetsrv folder
- Select logtemp.sql, then click Open
- In the first line of the logtemp.sql script, replace inetlog with InternetLog
- Select the database in which to create the InternetLog table. By default, the database is Master, but Microsoft doesn't recommend that you use this database
- Click Query, then click Execute
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com