This course provides foundational log analysis skills and hands-on experience with the tools needed to detect a network intrusion. Students learn how to process logs from Windows and Linux operating systems, firewalls, intrusion detection systems, and Web and e-mail servers. Applying their analytical skills, students learn how to extract, normalize and correlate the evidence found in these logs to support tasks ranging from recognizing an intrusion to building a case.
Learning Objectives
- Explain log analysis methodology
- Analyze and evaluate log files
- Explain the benefits of log analysis in an intrusion investigation
- Extract information from log files
- Arrange log file data (normalize, sort and correlate records from different sources)
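The objectives above describe a workflow (extract fields from raw log lines, arrange the records into a single timeline, then assemble the evidence for an intrusion). The script below is an added example written for this page, not course material: it parses a constructed sshd authentication log and a constructed Apache access log for the same host, merges them into one UTC-ordered timeline, flags a successful login preceded by repeated failures from the same address, and pulls every record for that address as the evidence trail. The log lines, host name, IP addresses and the year supplied for the syslog timestamps (which carry none) are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the course page): a syslog-style sshd log and an
# Apache combined-format access log covering the same host during the same minutes.
AUTH_LOG = """\
Mar  3 10:14:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51002 ssh2
Mar  3 10:14:05 web01 sshd[2213]: Failed password for root from 203.0.113.45 port 51004 ssh2
Mar  3 10:14:09 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51006 ssh2
Mar  3 10:14:12 web01 sshd[2217]: Failed password for root from 203.0.113.45 port 51008 ssh2
Mar  3 10:14:40 web01 sshd[2219]: Accepted password for root from 203.0.113.45 port 51010 ssh2
Mar  3 10:20:01 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 40122 ssh2
"""
ACCESS_LOG = """\
203.0.113.45 - - [03/Mar/2024:10:13:50 +0000] "GET /wp-login.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2024:10:15:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.45 - - [03/Mar/2024:10:16:21 +0000] "POST /admin/upload.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)


def parse_auth(text, year):
    """Extract login events from sshd lines. Syslog timestamps have no year, so the
    caller supplies one (an assumption; in practice take it from file metadata)."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # some other sshd/syslog message; not a login result
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts.replace(tzinfo=timezone.utc), "source": "sshd",
                       "ip": m["ip"], "user": m["user"], "ok": m["result"] == "Accepted",
                       "detail": line.split(": ", 1)[1]})
    return events


def parse_access(text):
    """Extract request events from Apache combined-format lines; times are normalized to UTC."""
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        events.append({"ts": ts, "source": "httpd", "ip": m["ip"], "user": None,
                       "ok": True, "detail": f"{m['method']} {m['path']} -> {m['status']}"})
    return events


def build_timeline(auth_text, access_text, year):
    """Arrange: merge both sources into one list ordered by normalized timestamp."""
    return sorted(parse_auth(auth_text, year) + parse_access(access_text),
                  key=lambda e: (e["ts"], e["source"]))


def find_bruteforce_success(events, threshold=3, window=timedelta(minutes=5)):
    """Flag an accepted login that follows >= threshold failures from the same IP
    within the window. Events must already be in time order."""
    failures = defaultdict(list)  # ip -> timestamps of failed logins seen so far
    findings = []
    for e in events:
        if e["source"] != "sshd":
            continue
        if not e["ok"]:
            failures[e["ip"]].append(e["ts"])
            continue
        recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            findings.append({"ip": e["ip"], "user": e["user"],
                             "failures": len(recent), "success_ts": e["ts"]})
    return findings


def evidence_for(events, ip):
    """Assemble the evidence trail: every record from any source for one address, in order."""
    return [e for e in events if e["ip"] == ip]


if __name__ == "__main__":
    timeline = build_timeline(AUTH_LOG, ACCESS_LOG, year=2024)
    for f in find_bruteforce_success(timeline):
        print(f"ALERT {f['ip']}: {f['failures']} failures then login as {f['user']} at {f['success_ts']:%H:%M:%S}")
        for e in evidence_for(timeline, f["ip"]):
            print(f"  {e['ts']:%Y-%m-%d %H:%M:%S} {e['source']:5} {e['detail']}")
```

Run as-is it reports the 203.0.113.45 password-guessing run followed by the root login, and the evidence trail shows the web request that preceded it and the POST to an admin upload page that followed. The point the course objectives make is visible here: neither log alone tells the story, and the timeline only works once both sources share a normalized timestamp.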