May 30, 2026
Logs Fundamentals
Introduction to Logs
ExploitHunter
What do you think about attackers? Are they clever enough? Think of it this way: if a criminal is clever enough, will they leave the crime scene without any traces? The answer is yes; they are clever enough to silently watch over your online world while leaving almost nothing behind. That raises the next question: when something happens on a digital device, where do we find the traces needed to investigate further?
There are various places inside a system where the traces of an attack can be found, and the logs contain most of them. Logs are the digital footprints left behind by any activity, whether that activity is a normal one or one with malicious intent. Tracing an activity, and the individual behind its execution, becomes easier through logs.
Use Case of Logs
- Security Event Monitoring — Logs help us detect anomalous behaviour when real-time monitoring is used.
- Incident Investigation and Forensics — Logs are the traces of every kind of activity. They offer detailed information on what happened during an incident, and the security team uses them to perform root cause analysis.
- Troubleshooting — As logs also record errors in systems and applications, they can be used to diagnose issues and help in fixing them.
- Performance Monitoring — Logs can also provide valuable insights into the performance of applications.
- Auditing and Compliance — Logs play a major role in auditing and compliance, because they can establish a trail of different kinds of activity.
Types of Logs
- System Logs — The system logs can be helpful in troubleshooting issues in the running OS. These logs provide information on various operating system activities.
- Security Logs — The security logs help detect and investigate incidents. These logs provide information on the security-related activities in the system.
- Application Logs — The application logs contain events specific to the application. Any interactive or non-interactive activity happening inside the application will be logged here.
- Audit Logs — The audit logs provide detailed information on system changes and user events. These logs are helpful for compliance requirements and can play a vital role in security monitoring as well.
- Network Logs — Network logs provide information on the network's outgoing and incoming traffic. They play a crucial role in troubleshooting network issues and can also be handy during incident investigations.
- Access Logs — The access logs provide detailed information about access to different resources. These resources can be of many types, and their access logs tell us who accessed each one and when.
Like other operating systems, Windows OS also logs many of the activities that take place. These are stored in segregated log files, each with a specific log category. Some of the crucial types of logs stored in a Windows Operating System are:
- Application: There are many applications running on the operating system. Any information related to those applications is logged into this file. This information includes errors, warnings, compatibility issues, etc.
- System: The operating system itself has different running operations. Any information related to these operations is logged in the System log file. This information includes driver issues, hardware issues, system startup and shutdown information, services information, etc.
- Security: This is the most important log file in Windows OS in terms of security. It logs all security-related activities, including user authentication, changes in user accounts, security policy changes, etc.