Tag archive: logs

This tag is associated with 4 posts

Coming apart at the SIEMs …

Security Information and Event Management (SIEM) systems are all the rage at the moment – and with good cause. As you are all aware, one item of data does not a case make; it is the combination and correlation between _all_ of the data that creates “evidence” – and here in the SIEM we are …

Timeline Analysis – A One Page Guide

First published February 2010 by Darren Quick. Comments and suggestions may be sent to darren_q@hotmail.com. Prepare: the scope of the request determines the data to be collected, such as within a specific timeframe, and data of relevance such as specific documents, pictures or video. Can be from multiple computers, other digital data holdings, or other …

Intrusion Detection System Logs as Evidence and Legal Aspects

First published January 2007. Fahmid Imtiaz, School of Computer and Information Science, Edith Cowan University. E-mail: fimtiaz@student.ecu.edu.au. Abstract: modern techniques and methodologies for detecting attacks and malicious activities on computers and networks have evolved a lot over the last couple of years. The need for detecting intrusion attempts before the actual attack simplifies the job …

The need for effective event management

First published November 2006 courtesy of GFI Software – http://www.gfi.com. Introduction: underrated, undervalued and underutilized, event management is most often rated as a tedious and thankless task. System administrators shy away from event logs and the events contained within, citing lack of time and lack of clear definitions for the events produced as the principal detractors to …
