Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Windows Forensics

You're reading from   Practical Windows Forensics Leverage the power of digital forensics for Windows systems

Arrow left icon
Product type Paperback
Published in Jun 2016
Publisher Packt
ISBN-13 9781783554096
Length 322 pages
Edition 1st Edition
Concepts
Arrow right icon
Toc

Table of Contents (15) Chapters Close

Preface 1. The Foundations and Principles of Digital Forensics FREE CHAPTER 2. Incident Response and Live Analysis 3. Volatile Data Collection 4. Nonvolatile Data Acquisition 5. Timeline 6. Filesystem Analysis and Data Recovery 7. Registry Analysis 8. Event Log Analysis 9. Windows Files 10. Browser and E-mail Investigation 11. Memory Forensics 12. Network Forensics appA. Building a Forensic Analysis Environment appB. Case Study

Exploring logs

The most ubiquitous connectivity options of the corporate network to the Internet is to use a proxy server. Moreover, all protocols except HTTP and HTTPS are blocked by a firewall. Therefore, we consider this particular scheme. A proxy server is a server that is an intermediary between the client and server. Proxies can be used for almost any network protocol, but they are most often used for the web traffic for HTTP and HTTPS.

In this case, a forensics analyst usually has a data proxy server. Proxy logs are invaluable in analyzing what URL is accessing the corporate network machines. Analysis of the logs of the proxy server allows you to quickly identify which workstations are exposed to a malicious resource. This is done much faster than in the analysis of each client machine.

Typically, proxy logs include not only the time and IP address of the client and the URL, but they also include the status of the HTTP response and the username:

  • Unix timestamp (sec.ms)
  • Response time...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime