Nov 27, 2020

Week 9

Forum-based learning: Event log correlation and analysis

Log correlation is the process by which a forensic investigator or monitoring team collects logs from every source on the network (hosts, firewalls, proxies, authentication servers) and relates events across those sources to detect incidents and anomalies and to support investigations. A single log line rarely tells the whole story; the same attacker address showing up in an SSH authentication log and then in a firewall log is what turns separate events into an incident. Even though each source has its own fields and format, log correlation tools such as Graylog, Splunk and others normalize the events into a common schema (timestamp, source host, source IP, event type) so that they can be correlated and analyzed together. Two practical caveats: clocks on all sources must be synchronized (NTP), or time-window correlation produces false matches, and timezone differences between sources must be resolved during normalization.
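As an added example (not code from the original post), the following Python script normalizes two constructed log sources in different formats, a Linux sshd syslog and a key=value firewall log, into one event schema and then correlates them: a burst of failed SSH logins followed by a success from the same IP, cross-referenced with an outbound firewall connection from the victim host back to that IP. The log lines, the asset map (hostname to IP), the year assumed for the year-less syslog timestamps, and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post). Two sources, two formats,
# one attacker address (203.0.113.7) and one legitimate admin (198.51.100.9).
AUTH_LOG = """\
Nov 27 10:01:02 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51001 ssh2
Nov 27 10:01:05 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51002 ssh2
Nov 27 10:01:09 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Nov 27 10:01:14 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51004 ssh2
Nov 27 10:01:20 web01 sshd[2210]: Accepted password for admin from 203.0.113.7 port 51005 ssh2
Nov 27 10:05:00 web01 sshd[2300]: Accepted publickey for ops from 198.51.100.9 port 40000 ssh2
"""

FW_LOG = """\
2020-11-27T10:00:58Z fw01 action=allow proto=tcp src=203.0.113.7 spt=51001 dst=10.0.0.5 dpt=22
2020-11-27T10:01:20Z fw01 action=allow proto=tcp src=203.0.113.7 spt=51005 dst=10.0.0.5 dpt=22
2020-11-27T10:02:30Z fw01 action=allow proto=tcp src=10.0.0.5 spt=44000 dst=203.0.113.7 dpt=4444
"""

# Assumed asset inventory: maps the hostname seen in syslog to the IP seen by the firewall.
ASSET_MAP = {"web01": "10.0.0.5"}

AUTH_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"(Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+) port (\d+)"
)


def parse_auth(text, year=2020):
    """Normalize sshd syslog lines. Syslog carries no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, host, result, user, ip, _port = m.groups()
        events.append({
            "ts": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
            "source": "sshd", "host": host,
            "event": "auth_ok" if result == "Accepted" else "auth_fail",
            "user": user, "src_ip": ip,
        })
    return events


def parse_fw(text):
    """Normalize key=value firewall lines into the same event schema."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        kv = dict(p.split("=", 1) for p in parts[2:])
        events.append({
            "ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
            "source": "fw", "host": parts[1],
            "event": "conn_" + kv["action"],
            "src_ip": kv["src"], "dst_ip": kv["dst"], "dpt": int(kv["dpt"]),
        })
    return events


def correlate(events, asset_map, fail_threshold=3,
              window=timedelta(seconds=60), callback_window=timedelta(minutes=5)):
    """Rule: >= fail_threshold failures from one IP within `window`, then a success
    from that IP. If the victim host then opens an outbound connection to the same
    IP within `callback_window`, flag it as a possible callback (reverse shell)."""
    events = sorted(events, key=lambda e: e["ts"])
    fails = defaultdict(list)
    findings = []
    for e in events:
        if e["event"] == "auth_fail":
            fails[e["src_ip"]].append(e["ts"])
        elif e["event"] == "auth_ok":
            recent = [t for t in fails[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) < fail_threshold:
                continue
            victim_ip = asset_map.get(e["host"])
            callbacks = [f for f in events
                         if f["source"] == "fw" and f["src_ip"] == victim_ip
                         and f["dst_ip"] == e["src_ip"]
                         and timedelta(0) <= f["ts"] - e["ts"] <= callback_window]
            findings.append({
                "rule": "brute_force_then_success",
                "src_ip": e["src_ip"], "user": e["user"], "host": e["host"],
                "failures": len(recent), "ts": e["ts"],
                "outbound_callback": bool(callbacks),
            })
    return findings


def run():
    events = parse_auth(AUTH_LOG) + parse_fw(FW_LOG)
    return correlate(events, ASSET_MAP)


if __name__ == "__main__":
    for f in run():
        print(f)
```

Neither source alone would raise this finding: sshd sees a successful login, the firewall sees an allowed outbound connection, and only the normalized timeline keyed on the shared IP ties them together.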

Written by kks101 in: Network Forensics
Nov 20, 2020

Week 8

Network Intrusion Detection and Analysis. A HIDS/HIPS is a host-based intrusion detection/prevention system: it runs on the endpoint itself and watches that host's files, processes and logs. A NIDS/NIPS is a network-based intrusion detection/prevention system: it watches traffic passing a network tap, span port or inline sensor. The detection variant (IDS) only alerts; the prevention variant (IPS) sits inline and can also drop or reset the offending traffic.

Modes of detection:

  • Signature-based analysis: match traffic against patterns of known attacks (byte strings, regular expressions).
  • Protocol analysis: check that traffic conforms to the expected protocol grammar and limits (valid HTTP methods, sane field lengths).
  • Behavioral analysis: build a baseline of normal activity and flag deviations from it (connection rates, unusual port fan-out).

Functionality:

  • IDSs are rule based.
  • They issue alerts.
  • They are configured to capture suspicious packet sequences.

There are two categories of IDS products: commercial (e.g. Extreme point NIPS and TippingPoint IPS) and open source (NIDS: Snort and Sagan; HIDS: AIDE and Samhain).
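As an added example (not code from the original post or from any of the products named above), the following Python script runs the three detection modes listed above over a constructed packet trace: signature rules matched against payload bytes, protocol analysis of the HTTP request line, and a behavioral port-scan detector based on distinct destination ports per source within a time window. The packet records, signature patterns, HTTP limits and scan threshold are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed packet summaries (not from the original post):
# (timestamp in seconds, src IP, dst IP, dst port, payload bytes).
PACKETS = [
    (0.0, "198.51.100.9", "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    (0.5, "203.0.113.7", "10.0.0.5", 80, b"GET /cgi-bin/test.cgi?cmd=/bin/sh HTTP/1.1\r\nHost: x\r\n\r\n"),
    (1.0, "203.0.113.7", "10.0.0.5", 80, b"BLAH / HTTP/1.1\r\n\r\n"),
    (1.2, "203.0.113.7", "10.0.0.5", 80, b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\n\r\n"),
    # a port sweep: 25 distinct ports from one source within about 1.2 s
    *[(2.0 + i * 0.05, "203.0.113.7", "10.0.0.5", 1000 + i, b"") for i in range(25)],
]

# Mode 1: signature-based. Assumed rules in the spirit of a Snort 'content'/'pcre' match.
SIGNATURES = [
    (1000001, "shell interpreter in CGI request", re.compile(rb"/bin/(ba)?sh")),
    (1000002, "directory traversal attempt", re.compile(rb"\.\./")),
]

# Mode 2: protocol analysis. Assumed HTTP grammar and limits for port 80 traffic.
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}
MAX_URI = 2048
REQUEST_LINE = re.compile(rb"^(\S+) (\S+) (HTTP/1\.[01])\r\n")


def signature_alerts(pkt):
    """Fire one alert per signature whose pattern occurs in the payload."""
    _ts, src, _dst, _dport, payload = pkt
    return [{"mode": "signature", "src": src, "sid": sid, "msg": msg}
            for sid, msg, pat in SIGNATURES if pat.search(payload)]


def protocol_alerts(pkt):
    """Flag HTTP requests that break the expected grammar or size limits."""
    _ts, src, _dst, dport, payload = pkt
    if dport != 80 or not payload:
        return []
    m = REQUEST_LINE.match(payload)
    if not m:
        return [{"mode": "protocol", "src": src, "msg": "malformed HTTP request line"}]
    method, uri, _version = m.groups()
    alerts = []
    if method not in HTTP_METHODS:
        alerts.append({"mode": "protocol", "src": src,
                       "msg": f"unknown HTTP method {method.decode(errors='replace')}"})
    if len(uri) > MAX_URI:
        alerts.append({"mode": "protocol", "src": src,
                       "msg": f"oversized URI ({len(uri)} bytes)"})
    return alerts


class PortScanDetector:
    """Mode 3: behavioral. Alert once per source that touches >= threshold distinct
    destination ports inside a sliding time window (assumed 20 ports in 2 s)."""

    def __init__(self, window=2.0, threshold=20):
        self.window, self.threshold = window, threshold
        self.history = defaultdict(list)   # src -> [(ts, dport), ...]
        self.alerted = set()

    def observe(self, pkt):
        ts, src, _dst, dport, _payload = pkt
        hist = self.history[src] + [(ts, dport)]
        hist = [(t, p) for t, p in hist if ts - t <= self.window]   # drop expired entries
        self.history[src] = hist
        distinct = len({p for _, p in hist})
        if distinct >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return [{"mode": "behavioral", "src": src,
                     "msg": f"{distinct} distinct ports in {self.window}s"}]
        return []


def detect(packets):
    """Run all three modes over the trace in time order and collect the alerts."""
    scanner = PortScanDetector()
    alerts = []
    for pkt in sorted(packets, key=lambda p: p[0]):
        alerts += signature_alerts(pkt) + protocol_alerts(pkt) + scanner.observe(pkt)
    return alerts


def alert_counts(packets):
    """Number of alerts per detection mode, for a quick summary."""
    return dict(Counter(a["mode"] for a in detect(packets)))


if __name__ == "__main__":
    for a in detect(PACKETS):
        print(a)
```

Note how each mode catches something the others miss: the `/bin/sh` request is syntactically valid HTTP (signature only), the bad method and oversized URI carry no known-bad string (protocol only), and the port sweep has no payload at all (behavioral only). In a real sensor the behavioral detector would also need to age out its per-source state, or a sensor fed by many sources would exhaust memory.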

Written by kks101 in: Network Forensics
