Server Log Forensics
Presented By
Psycho_Coder
Digital Evidence Analyst
Today’s Discussion
Topics
• What are logs?
• Who creates logs?
• Basic Terminology
• Server Logs
• Server Classification
• Uncovering the Web Server Logs
• Uncovering FTP Server Logs
• Analyzing Server Logs
What are logs?
• A log is a file that lists actions that have occurred. For example, web servers maintain log files listing every request made to the server. With log file analysis tools it is possible to get a good idea of where visitors are coming from, how often they return, and how they navigate through a site.
Who creates logs?
• Most operating systems store logs of user actions and events.
• Most substantial software from professional vendors writes logs for its own operation on the system where it is installed.
• On Windows, logs are stored in the Registry, under %appdata%, and similar locations.
• On Linux, logs are stored under /var/log.
Basic Terminology
• Server: both a running instance of software capable of accepting requests from clients, and the computer that such software runs on.
• Web Server: software that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The primary function of a web server is to store, process and deliver web pages to clients.
Basic Terminology (contd.)
• FTP: The File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
Server Logs
• A server log is a log file (or several files) automatically created and maintained by a server, consisting of a list of the activities it performed. Example: a web server log, which maintains a history of page requests.
• These files are usually not accessible to general Internet users, only to the webmaster or another administrator.
• Log data is often split into different files by log type. Examples: access log, error log, referrer log.
Server Classification
• Different servers do different work.
• Some types:
– Telnet Server
– FTP Server
– HTTP Server
– Web Server
Uncovering the Web Server Logs
• A web server logs every request (GET/POST and other methods) to a file, together with the requested URL and other information.
• From the URLs, a user's intent can be inferred.
Example:
URL: http://example.com/product?id='+UNION+SELECT+1,2,3,4+
The above tells the forensic investigator that an attempt is being made to perform SQL injection. Along with the URL, the same log entry gives the client IP address, from which the investigator can try to trace the IP location and ISP.
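As an added example (not part of the original deck), the following Python script shows how an investigator would apply the slide's observation to a whole log rather than one URL: it parses access-log lines in the Apache/nginx combined format, URL-decodes each request path so that '+' and %20 variants of the same payload are treated alike, flags the UNION SELECT pattern from the slide together with two other common SQL injection signatures, and counts hits per client IP. The log lines, IP addresses (RFC 5737 documentation ranges) and timestamps are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" log format.
# The IPs are from documentation ranges (RFC 5737); the second and third
# requests carry the same kind of UNION SELECT payload as the slide's example.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /product?id=1 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /product?id='+UNION+SELECT+1,2,3,4+ HTTP/1.1" 500 512 "-" "curl/7.88.1"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /product?id=%27%20UNION%20SELECT%201,2,3,4-- HTTP/1.1" 500 512 "-" "curl/7.88.1"
192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 0 "http://example.com/" "Mozilla/5.0"
"""

# One regex for the combined format: client, ident, user, timestamp,
# request line, status, bytes, referer, user agent.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Signatures checked against the URL-decoded path. Matching the decoded
# form is what lets '+' and %20 variants of the same payload be caught.
SQLI_SIGNATURES = {
    "union-select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.IGNORECASE),
    "tautology": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE),
    "comment-terminator": re.compile(r"(--|/\*)\s*$"),
}


def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def classify(rec):
    """Name of the first SQLi signature found in the decoded path, or None."""
    for name, pattern in SQLI_SIGNATURES.items():
        if pattern.search(rec["decoded_path"]):
            return name
    return None


def analyze(log_text):
    """Flag SQLi-looking requests and count them per client IP."""
    flagged, per_ip, unparsed = [], Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep a count: unparsed lines may themselves be evidence
            continue
        sig = classify(rec)
        if sig:
            flagged.append({"ip": rec["ip"], "time": rec["time"], "status": rec["status"],
                            "path": rec["decoded_path"], "signature": sig})
            per_ip[rec["ip"]] += 1
    return {"flagged": flagged, "per_ip": dict(per_ip), "unparsed": unparsed}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for hit in result["flagged"]:
        print(f'{hit["time"]} {hit["ip"]} {hit["status"]} {hit["signature"]}: {hit["path"]}')
    print("hits per IP:", result["per_ip"], "unparsed:", result["unparsed"])
```

Run it on a real access log by replacing SAMPLE_LOG with the file's contents; the per-IP counts are what lead from one suspicious URL to the source address that the slide goes on to trace. Lines that do not parse are counted rather than dropped, because a malformed request line is itself something an investigator should look at.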
Uncovering the FTP Logs
• Logs and/or configuration are stored as .xml files (as observed with FileZilla).
Uncovering the FTP Logs (contd.)
• The connection log shows host, user and password information.
Analyzing Server Logs
• Know the log format
– Logs save data in a particular format.
– The log format can be configured.
– Examples: Log4j, Slf4j
• Handle the log files properly and preserve the log metadata.
• Build scripts (Perl, Python, Shell) to automate analysis, and use search utilities like grep to find information of interest.
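As an added example (not part of the original deck), this Python script covers the last two bullets together: it records each log file's size, timestamps, mode and SHA-256 hash in a manifest before any analysis touches it, so that a later change to the evidence is detectable, and it provides a grep-like search over several files that automates the kind of lookup described above. The sample access log, its IP addresses and the case directory are constructed for the example.

```python
import hashlib
import json
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed sample access log (not from the slides). In the raw log the
# spaces of the payload appear as '+' or %20, so a search over raw lines
# must allow for both encodings.
SAMPLE_ACCESS = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /product?id=1 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /product?id='+UNION+SELECT+1,2,3,4+ HTTP/1.1" 500 512 "-" "curl/7.88.1"
192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 0 "http://example.com/" "Mozilla/5.0"
"""

UNION_SELECT = r"union(\+|%20|\s)+select"


def snapshot(path):
    """Record size, timestamps, mode and SHA-256 of a file before analysing it.
    os.stat() runs before the file is opened, because opening it can update
    the access time on some filesystems."""
    st = os.stat(path)
    to_iso = lambda t: datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
    meta = {
        "path": os.path.abspath(path),
        "size": st.st_size,
        "mtime": to_iso(st.st_mtime),
        "atime": to_iso(st.st_atime),
        "mode": oct(st.st_mode & 0o777),
    }
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    meta["sha256"] = digest.hexdigest()
    return meta


def verify(path, meta):
    """True if the file still hashes to the value recorded at snapshot time."""
    return snapshot(path)["sha256"] == meta["sha256"]


def search(paths, pattern):
    """grep -in equivalent over several files; returns (path, line number, line)."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits = []
    for p in paths:
        with open(p, "r", encoding="utf-8", errors="replace") as f:
            for n, line in enumerate(f, 1):
                if rx.search(line):
                    hits.append((p, n, line.rstrip("\n")))
    return hits


def run_case(workdir=None):
    """Write the sample log into a case directory, snapshot it, search it,
    and save the manifest beside it. Returns everything for inspection."""
    workdir = workdir or tempfile.mkdtemp(prefix="logcase-")
    access = os.path.join(workdir, "access.log")
    with open(access, "wb") as f:  # binary write keeps the byte count exact on every OS
        f.write(SAMPLE_ACCESS.encode("utf-8"))
    manifest = {"access.log": snapshot(access)}
    with open(os.path.join(workdir, "manifest.json"), "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2)
    hits = search([access], UNION_SELECT)
    intact = verify(access, manifest["access.log"])
    return {"workdir": workdir, "access": access, "manifest": manifest,
            "hits": hits, "intact": intact}


if __name__ == "__main__":
    case = run_case()
    print(json.dumps(case["manifest"], indent=2))
    for path, n, line in case["hits"]:
        print(f"{os.path.basename(path)}:{n}: {line}")
    print("log unchanged since snapshot:", case["intact"])
```

In practice the snapshot is taken on the collected copy as soon as it is acquired, and verify() is re-run after every analysis step; a hash mismatch means the copy was altered and the findings on it cannot be relied upon.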
QUESTIONS ?
THANK YOU
