This is my presentation on "Logs for Information Assurance and Forensics", which was given to 2 of the USMA @ West Point, NY classes in April 2006. It sure was fun! Now I know where all the smart college students are :-)
Abstract: The presentation will cover the use of various system and network logs and audit trails in the incident response and forensics processes. It will describe a methodology for log collection and analysis as well as practical case studies and tools. Logs will often provide most of the answers investigators need without diving deeply into expensive disk image forensics. Being able to rely on logs, by making sure that they are collected and available for analysis, is invaluable during the investigation. It will also touch upon preserving log evidence integrity and possible challenges to such integrity.