Event Log, Firewall, & Audit Log Examinations

When available, logs from computers/servers, firewalls, and network devices can provide just the set of bread crumbs necessary for an Atlantic Data Forensics computer forensics expert to piece together an incident.

Our trained digital forensic analysts have helped clients understand the path an intruder has taken through their network, pieced together the results of attacks on credit card databases, and identified which computers have been infected by malware by leveraging the power of log files using specialized software and code that can query large amounts of disparate logs simultaneously.

Atlantic Data Forensics practitioners also work with clients to improve their logging, verify that log files are collecting the “right” information, and develop processes and procedures to quickly review and respond to logged events as they happen.  This can provide a range of benefits, including protection against security lapses in perimeter and application defenses. 

Logged information May include:

  • Unique identifiers of the users
  • Logons and logoffs
  • Terminal identity
  • The type of session created
  • Attempts at accessing the system, which will likely include both those that were successful and those that were not (many systems only log the unsuccessful attempts!)
  • Privilege escalation-related events
  • System utilities use
  • Configuration changes
  • Access to files and networks
  • Security-related event access, including triggers to any alarm

These data points can help examiners gain a better understanding of what took place in a particular incident.  Many are unsure whether their network or appliances log this type of information.  We've helped hundreds of clients get a better grasp on the gap between what they think they're logging and what they're actually logging.  Log rollover, unsuccessful-only logging, and space constraints all play into how successful log examinations will be, but Atlantic Data Forensics has numerous tools in their arsenal to get you to your analysis goals.  Logs are just one piece of the puzzle.  

Let ADF help resolve your breach scenario, malware event, disgruntled employee, and more by leveraging the power of logs.