Computer Forensics: Snort Logs Analysis
Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened.
We’ll use Snort to show how we can piece together what happened and when it happened without depending on traditional hard drive forensics. Computer forensics investigations are often described as trying to find a needle in a haystack. Doing traffic analysis is one way to make that stack of hay much smaller and make that needle much bigger.
Learn Digital Forensics
Learn Digital Forensics
In this video, one of the bonus labs from the InfoSec Institute Computer Forensic Online Training, we will examine the output of a Snort Log to:
- Investigate a suspicious program and user account.
- Monitor the command line traffic on the suspicious machine.
- Review the commands used to install an unauthorized program.
We will also cover the process of locating and researching an unidentified program in a system.
Learn Digital Forensics
Learn Digital Forensics
Hope this video helps,
Keatron
In this Series
- Computer Forensics: Snort Logs Analysis
- Digital forensics and cybersecurity: Setting up a home lab
- Top 7 tools for intelligence-gathering purposes
- iOS forensics
- Kali Linux: Top 5 tools for digital forensics
- Snort demo: Finding SolarWinds Sunburst indicators of compromise
- Memory forensics demo: SolarWinds breach and Sunburst malware
- Digital forensics careers: Public vs private sector?
- Email forensics: desktop-based clients
- What is a Honey Pot? [updated 2021]
- Email forensics: Web-based clients
- Email analysis
- Investigating wireless attacks
- Wireless networking fundamentals for forensics
- Protocol analysis using Wireshark
- Wireless analysis
- Log analysis
- Network security tools (and their role in forensic investigations)
- Sources of network forensic evidence
- Network Security Technologies
- Network Forensics Tools
- The need for Network Forensics
- Network Forensics Concepts
- Networking Fundamentals for Forensic Analysts
- Popular computer forensics top 19 tools [updated 2021]
- 7 best computer forensics tools [updated 2021]
- Spoofing and Anonymization (Hiding Network Activity)
- Browser Forensics: Safari
- Browser Forensics: IE 11
- Browser Forensics: Firefox
- Browser forensics: Google chrome
- Webinar summary: Digital forensics and incident response — Is it the career for you?
- Web Traffic Analysis
- Network forensics overview
- Eyesight to the Blind – SSL Decryption for Network Monitoring [Updated 2019]
- Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2019]
- Computer forensics: FTK forensic toolkit overview [updated 2019]
- The mobile forensics process: steps and types
- Free & open source computer forensics tools
- An Introduction to Computer Forensics
- Common mobile forensics tools and techniques
- Computer forensics: Chain of custody [updated 2019]
- Computer forensics: Network forensics analysis and examination steps [updated 2019]
- Computer Forensics: Overview of Malware Forensics [Updated 2019]
- Incident Response and Computer Forensics
- Computer Forensics: Memory Forensics
- Comparison of popular computer forensics tools [updated 2019]
- Computer Forensics: Forensic Analysis and Examination Planning
- Computer forensics: Operating system forensics [updated 2019]
- Computer Forensics: Mobile Forensics [Updated 2019]
- Computer Forensics: Digital Evidence [Updated 2019]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Digital forensics
Digital forensics
Digital forensics
Digital forensics