CONFidence 2007 Log Forensics TEASER Preso

Anton Chuvakin
Anton ChuvakinSecurity Strategy
Log Forensics Dr Anton Chuvakin Chief Logging Evangelist
TEASER ,[object Object],[object Object]
Goals ,[object Object],[object Object],[object Object]
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]
Logs for Cybercrime Investigations ,[object Object],[object Object],[object Object],[object Object],[object Object]
Definitions ,[object Object],[object Object],[object Object]
Log Data Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What logs? From Where?
So, What is “Log Forensics” ,[object Object],[object Object],[object Object],[object Object],[object Object]
How Logs Help… Sometimes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Finally, Logs that Aren’t: Log Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Logs Forensics Challenges: From US DoJ ,[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
More information? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
1 of 13

CONFidence 2007 Log Forensics TEASER Preso

Technology

CONFidence 2007 Log Forensics TEASER Preso

Anton Chuvakin
Anton ChuvakinSecurity Strategy

Recommended

Log Forensics from CEIC 2007 by
Log Forensics from CEIC 2007Log Forensics from CEIC 2007
Log Forensics from CEIC 2007Anton Chuvakin
1.2K views16 slides
Logs vs Insiders by
Logs vs InsidersLogs vs Insiders
Logs vs InsidersAnton Chuvakin
1.3K views30 slides
All Anton's Top11 Log Lists by
All Anton's Top11 Log ListsAll Anton's Top11 Log Lists
All Anton's Top11 Log ListsAnton Chuvakin
1.6K views6 slides
Hacker's jargons by
Hacker's jargonsHacker's jargons
Hacker's jargonsPavan M
250 views36 slides
Open stack security emea launch by
Open stack security emea launchOpen stack security emea launch
Open stack security emea launchJoshua McKenty
542 views31 slides
Hacker's jargons by
Hacker's jargonsHacker's jargons
Hacker's jargonsn|u - The Open Security Community
799 views36 slides

More Related Content

Similar to CONFidence 2007 Log Forensics TEASER Preso

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008 by
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008guestc0c304
269 views41 slides
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008 by
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Anton Chuvakin
2.9K views41 slides
Logs for Information Assurance and Forensics @ USMA by
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMAAnton Chuvakin
1.1K views31 slides
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin by
Using Logs for Breach Investigations and Incident Response by Dr Anton ChuvakinUsing Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin
Using Logs for Breach Investigations and Incident Response by Dr Anton ChuvakinAnton Chuvakin
2.9K views32 slides
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011 by
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011John Bambenek
1.1K views28 slides
Codebits 2010 by
Codebits 2010Codebits 2010
Codebits 2010Tiago Henriques
1.8K views63 slides

Similar to CONFidence 2007 Log Forensics TEASER Preso(20)

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008 by guestc0c304
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
guestc0c304269 views
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008 by Anton Chuvakin
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
Anton Chuvakin2.9K views
Logs for Information Assurance and Forensics @ USMA by Anton Chuvakin
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMA
Anton Chuvakin1.1K views
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin by Anton Chuvakin
Using Logs for Breach Investigations and Incident Response by Dr Anton ChuvakinUsing Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin
Anton Chuvakin2.9K views
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011 by John Bambenek
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
John Bambenek1.1K views
Codebits 2010 by Tiago Henriques
Codebits 2010Codebits 2010
Codebits 2010
Tiago Henriques1.8K views
Audit logs for Security and Compliance by Anton Chuvakin
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
Anton Chuvakin4.5K views
Log Standards & Future Trends by Dr. Anton Chuvakin by Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinLog Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton Chuvakin
Anton Chuvakin2.2K views
Power of logs: practices for network security by Information Technology Society Nepal
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network security
Information Technology Society Nepal393 views
Computer Forensics by alrawes
Computer ForensicsComputer Forensics
Computer Forensics
alrawes989 views
Log Mining: Beyond Log Analysis by Anton Chuvakin
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log Analysis
Anton Chuvakin20.7K views
03.fnc corporate protect workshop new by forensicsnation
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
forensicsnation265 views
FNC Corporate Protect by forensicsnation
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
forensicsnation353 views
FNC Corporate Protect Workshop by forensicsnation
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
forensicsnation430 views
Baselining Logs by Anton Chuvakin
Baselining LogsBaselining Logs
Baselining Logs
Anton Chuvakin4.5K views
NIST 800-92 Log Management Guide in the Real World by Anton Chuvakin
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
Anton Chuvakin8.9K views
Logs = Accountability by Anton Chuvakin
Logs = AccountabilityLogs = Accountability
Logs = Accountability
Anton Chuvakin3.4K views
Six Mistakes of Log Management 2008 by Anton Chuvakin
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
Anton Chuvakin2.1K views
Msra 2011 windows7 forensics-troyla by CTIN
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
CTIN1.5K views
Network forensics and investigating logs by anilinvns
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns12.2K views

More from Anton Chuvakin

SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En... by
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...Anton Chuvakin
33 views22 slides
SOC Lessons from DevOps and SRE by Anton Chuvakin by
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin
265 views18 slides
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth by
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothAnton Chuvakin
139 views10 slides
20 Years of SIEM - SANS Webinar 2022 by
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022Anton Chuvakin
283 views21 slides
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin by
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
393 views25 slides
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends by
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsAnton Chuvakin
286 views14 slides

More from Anton Chuvakin(20)

SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En... by Anton Chuvakin
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
Anton Chuvakin33 views
SOC Lessons from DevOps and SRE by Anton Chuvakin by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton Chuvakin
Anton Chuvakin265 views
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth by Anton Chuvakin
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Anton Chuvakin139 views
20 Years of SIEM - SANS Webinar 2022 by Anton Chuvakin
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022
Anton Chuvakin283 views
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin by Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Anton Chuvakin393 views
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends by Anton Chuvakin
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
Anton Chuvakin286 views
SOCstock 2021 The Cloud-native SOC by Anton Chuvakin
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
Anton Chuvakin429 views
Modern SOC Trends 2020 by Anton Chuvakin
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
Anton Chuvakin756 views
Anton's 2020 SIEM Best and Worst Practices - in Brief by Anton Chuvakin
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton Chuvakin340 views
Generic siem how_2017 by Anton Chuvakin
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
Anton Chuvakin1K views
Tips on SIEM Ops 2015 by Anton Chuvakin
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
Anton Chuvakin365 views
Five SIEM Futures (2012) by Anton Chuvakin
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
Anton Chuvakin609 views
RSA 2016 Security Analytics Presentation by Anton Chuvakin
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin497 views
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin by Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin10K views
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin by Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Anton Chuvakin14K views
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin by Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Anton Chuvakin3.4K views
SIEM Primer: by Anton Chuvakin
SIEM Primer:SIEM Primer:
SIEM Primer:
Anton Chuvakin4.7K views
Log management and compliance: What's the real story? by Dr. Anton Chuvakin by Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Anton Chuvakin1.5K views
On Content-Aware SIEM by Dr. Anton Chuvakin by Anton Chuvakin
On Content-Aware SIEM by Dr. Anton ChuvakinOn Content-Aware SIEM by Dr. Anton Chuvakin
On Content-Aware SIEM by Dr. Anton Chuvakin
Anton Chuvakin1.7K views
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin by Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Anton Chuvakin2.6K views

Recently uploaded

TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensorssugiuralab
19 views15 slides
Case Study Copenhagen Energy and Business Central.pdf by
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdfAitana
16 views3 slides
Info Session November 2023.pdf by
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdfAleksandraKoprivica4
11 views15 slides
Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
298 views92 slides
Unit 1_Lecture 2_Physical Design of IoT.pdf by
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdfStephenTec
12 views36 slides
PharoJS - Zürich Smalltalk Group Meetup November 2023 by
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023Noury Bouraqadi
126 views17 slides

Recently uploaded(20)

TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by sugiuralab
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
sugiuralab19 views
Case Study Copenhagen Energy and Business Central.pdf by Aitana
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdf
Aitana16 views
Info Session November 2023.pdf by AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica411 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil298 views
Unit 1_Lecture 2_Physical Design of IoT.pdf by StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec12 views
PharoJS - Zürich Smalltalk Group Meetup November 2023 by Noury Bouraqadi
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi126 views
Vertical User Stories by Moisés Armani Ramírez
Vertical User StoriesVertical User Stories
Vertical User Stories
Moisés Armani Ramírez12 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP22 views
Piloting & Scaling Successfully With Microsoft Viva by Richard Harbridge
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
Richard Harbridge12 views
Uni Systems for Power Platform.pptx by Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.55 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH33 views
Special_edition_innovator_2023.pdf by WillDavies22
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdf
WillDavies2217 views
Black and White Modern Science Presentation.pptx by maryamkhalid2916
Black and White Modern Science Presentation.pptxBlack and White Modern Science Presentation.pptx
Black and White Modern Science Presentation.pptx
maryamkhalid291616 views
handbook for web 3 adoption.pdf by Liveplex
handbook for web 3 adoption.pdfhandbook for web 3 adoption.pdf
handbook for web 3 adoption.pdf
Liveplex22 views
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive by Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum30 views
Tunable Laser (1).pptx by Hajira Mahmood
Tunable Laser (1).pptxTunable Laser (1).pptx
Tunable Laser (1).pptx
Hajira Mahmood24 views
STPI OctaNE CoE Brochure.pdf by madhurjyapb
STPI OctaNE CoE Brochure.pdfSTPI OctaNE CoE Brochure.pdf
STPI OctaNE CoE Brochure.pdf
madhurjyapb13 views
Voice Logger - Telephony Integration Solution at Aegis by Nirmal Sharma
Voice Logger - Telephony Integration Solution at AegisVoice Logger - Telephony Integration Solution at Aegis
Voice Logger - Telephony Integration Solution at Aegis
Nirmal Sharma31 views
Attacking IoT Devices from a Web Perspective - Linux Day by Simone Onofri
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day
Simone Onofri15 views
Perth MeetUp November 2023 by Michael Price
Perth MeetUp November 2023 Perth MeetUp November 2023
Perth MeetUp November 2023
Michael Price19 views

CONFidence 2007 Log Forensics TEASER Preso

  • 1. Log Forensics Dr Anton Chuvakin Chief Logging Evangelist
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.