Server Log Forensics
Presented By
Psycho_Coder
Digital Evidence Analyst
Today's Discussion
Topics
• What are logs?
• Who creates logs?
• Basic Terminology
• Server Logs
• Server Classification
• Uncovering the Web Server Logs
• Uncovering FTP Server Logs
• Analyzing Server Logs
What are logs?
• A file that lists actions that have occurred. For example, Web servers maintain log files listing every request made to the server. With log file analysis tools, it's possible to get a good idea of where visitors are coming from, how often they return, and how they navigate through a site.
Who creates logs?
• Most operating systems store logs for user actions and events.
• All heavy software from professional vendors creates logs for the software installed on a digital system.
• Logs on Windows are stored in the Registry, %appdata%, etc.
• Logs on Linux are stored in /var/log
Basic Terminology
• Server: A server is both a running instance of some software capable of accepting requests from clients, and the computer such a server runs on.
• Web Server: It is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The primary function of a web server is to store, process and deliver web pages to clients.
Basic Terminology (contd.)
• FTP: The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
Server Logs
• A server log is a log file (or several files) automatically created and maintained by a server, consisting of a list of activities it performed. Example: a web server log which maintains a history of page requests.
• These files are usually not accessible to general Internet users, only to the webmaster or other administrative person.
• Log data is often grouped into different files based on the log type. Example: access log, error log, referrer log, etc.
Server Classification
• Different servers do different work.
• Some types:
– Telnet Server
– FTP Server
– HTTP Server
– Web Server
Uncovering the Web Server Logs
• A web server logs all requests (GET/POST methods) into files with URLs and other information.
• From the URLs, a user's motives can be inferred.
Example:
URL: http://example.com/product?id='+UNION+SELECT+1,2,3,4+
The above tells the forensic investigator that an attempt is being made to perform SQL injection. Along with this, we will also be able to get the IP address and from there try to trace the IP location and ISP.
Uncovering the FTP Logs
Logs and/or config stored as .xml files (as observed with FileZilla)
Uncovering the FTP Logs (contd.)
• Connection log shows Host, User and Password info.
Analyzing Server Logs
• Knowing the log format
– Logs save data in a particular format.
– Log format can be configured.
– Example: Log4j, Slf4j
• Properly handling the log files and preserving the log metadata
• Building scripts (Perl, Python, Shell) to automate analysis, and using search utilities like grep to find spicy info.
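The kind of analysis script the web server log and analysis slides describe, as an added example that is not part of the original deck: it parses access-log lines, decodes each query parameter, flags SQL injection indicators such as the UNION SELECT request shown earlier, and groups the hits by client IP. It assumes the Apache/Nginx Combined Log Format; the sample lines, rule names and function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (assumed Combined Log Format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:22 +0000] "GET /product?id=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:10:02:10 +0000] "GET /product?id='+UNION+SELECT+1,2,3,4+ HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:10:02:14 +0000] "GET /product?id=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:03:40 +0000] "GET /about/union-select-committee HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
this line is truncated and does not match the format
"""

# Knowing the log format comes first: one regex for the fields we need.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Illustrative indicators only; applied to decoded parameter values, not the path,
# so a page slug such as /about/union-select-committee is not flagged.
SQLI_RULES = {
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "quote-boolean": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
}


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_sqli(target):
    """Return (parameter, rule) pairs for each indicator found in the query string."""
    found = []
    # parse_qsl percent-decodes and turns '+' into a space, so encoded
    # payloads are matched in the same form as plain ones.
    for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for rule, pattern in SQLI_RULES.items():
            if pattern.search(value):
                found.append((param, rule))
    return found


def analyze(log_text):
    """Scan a whole log; keep line numbers so findings trace back to the evidence."""
    hits, unparsed = [], 0
    by_ip = defaultdict(list)
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count, never silently drop, lines that fail to parse
            continue
        for param, rule in find_sqli(rec["target"]):
            hits.append({"line": lineno, "ip": rec["ip"], "time": rec["time"],
                         "status": rec["status"], "param": param, "rule": rule})
            by_ip[rec["ip"]].append(lineno)
    return {
        # Hash of the exact input analysed, recorded alongside the findings.
        "sha256": hashlib.sha256(log_text.encode("utf-8")).hexdigest(),
        "hits": hits,
        "by_ip": dict(by_ip),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("input sha256:", report["sha256"])
    for h in report["hits"]:
        print(h["line"], h["ip"], h["time"], h["status"], h["param"], h["rule"])
    print("unparsed lines:", report["unparsed"])
```

Run it against a working copy of the log, never the original evidence file, so the file's timestamps and other metadata stay intact.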
QUESTIONS ?
THANK YOU
