Chapter 11

Text-Based Logs

In the previous chapter, we covered tool analysis. In this chapter and in the four chapters that follow it, we’ll be covering a variety of Windows logs. Logs are extremely important in network investigations, providing information about external connections, a variety of system events, and dates and times. We’ll begin our coverage of logs with the text-based logs, specifically Windows IIS, FTP, DHCP, and Windows 7 Firewall logs.

Text logs are easy to read because they are in plain text. In a pinch, you can open, read, and search them with a text editor such as Notepad. However, the sheer volume of data in text logs still necessitates the use of specialized tools to search, sort, and otherwise parse through the reams of ...
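As an added illustration (not code from the book), the following Python reads the W3C extended log layout that IIS, FTP and Windows Firewall write, where a `#Fields:` directive names the columns, and reduces a log to the external clients that connected and when. The sample log and the internal address ranges are constructed assumptions.

```python
"""Parse W3C extended-format text logs (the layout written by IIS, FTP and
Windows Firewall) and list which external clients connected, and when."""
import ipaddress

# Constructed sample in IIS W3C layout; not taken from the book.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2023-03-01 08:00:01 10.0.0.5 GET /index.htm 200
2023-03-01 08:00:07 203.0.113.9 GET /admin/login.asp 401
2023-03-01 08:00:09 203.0.113.9 GET /admin/login.asp 401
2023-03-01 08:01:15 198.51.100.20 POST /upload.asp 200
2023-03-01 08:02:30 203.0.113.9 GET /admin/login.asp 200
"""
# Assumed internal address ranges of the investigated network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields
    directive. Lines starting with '#' are directives, and #Fields may be
    restated mid-file (e.g. after a service restart), so it is re-read."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("data line before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield dict(zip(fields, values))

def external_clients(text):
    """Map each client IP outside INTERNAL_NETS to (hits, first seen,
    last seen); the timestamps bound the connection window per client."""
    seen = {}
    for rec in parse_w3c(text):
        ip = ipaddress.ip_address(rec["c-ip"])
        if any(ip in net for net in INTERNAL_NETS):
            continue
        stamp = f"{rec['date']} {rec['time']}"
        hits, first, last = seen.get(rec["c-ip"], (0, stamp, stamp))
        seen[rec["c-ip"]] = (hits + 1, min(first, stamp), max(last, stamp))
    return seen
```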
