Log data can be key to identifying what really happened during an incident. However, organizations often learn that they don't have enough log data when they need it most: after they have identified an incident. Disk analysis does not always provide proof of data exfiltration or account compromise. This presentation will talk about what log data should be retained and collected to investigate various types of incidents. Web logs, Windows Event Logs, webmail logs, firewall/web proxy logs, and other log formats will be discussed. We will explore analysis techniques to filter log data and get answers quickly.
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast