reply to post below cmit digital forensics ja


Records of operating system (OS) events that indicate how system processes and drivers were loaded are called a System Log, or Syslog [1]. The syslog contains informational events, warning events, and errors related to the OS of a computer. By reviewing this information, an administrator or user troubleshooting the system can identify the cause of a problem or confirm whether system processes are loading successfully. The log contains information about software, hardware, system processes, and components of the system. It also indicates whether the processes loaded correctly. The information can then be used to diagnose the source of computer program problems, whereas the warnings can be used to predict potential system issues and problems.

Additionally, the syslog has standard components that vary from OS to OS. However, there are common components and information captured regardless of the OS. All entries are classified by type: error, information, warning, success audit, and failure audit for Windows systems, and emergency, alert, critical, error, warning, notice, info, and debug for Mac OS and Linux systems.

Each syslog entry contains header information and descriptions of the events. The descriptions include dates and times the events occurred, the username logged in, and the computer name at the time of the event. It also contains an event ID number that is used to identify the event and the source.

Syslogs can be an important tool for computer forensics examinations because they hold digital fingerprints of systems and activities. In many cases, the logs are breadcrumbs of information that tell what happened during an incident. They can tell you what systems were involved; how the systems and people behaved; what information was accessed; who accessed it; and precisely when these activities took place. You can use the Event Viewer in Windows to view the syslog, and in some versions of Microsoft Windows you can view and manage the logs and gather information from there [2].

Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft that runs on Windows systems to serve requested HTML pages or files [3]. The IIS web server accepts requests from remote client computers and returns an appropriate response, allowing web servers to share and deliver information across local area networks (for example, intranets), wide area networks, and the internet.
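The severity levels and entry fields described in the syslog paragraphs above can be turned into an incident timeline; the following is an added example, not part of the original post. It assumes BSD-style (RFC 3164) lines that still carry the `<PRI>` prefix, where priority = facility × 8 + severity, and the names `parse_line`, `timeline` and `SAMPLE` are hypothetical.

```python
import re
from datetime import datetime

# Severity names as the text lists them; syslog numbers them 0 (worst) to 7.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# BSD-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Constructed sample entries (not from a real system); the last has no <PRI>.
SAMPLE = [
    "<38>Mar  4 02:14:07 web01 sshd[2211]: Accepted password for alice from 192.0.2.10",
    "<34>Mar  4 02:13:55 web01 sshd[2209]: Too many failed logins for alice",
    "<3>Mar  4 02:20:41 web01 kernel: disk read error on sda1",
    "<30>Mar  4 02:15:00 web01 cron[801]: hourly job started",
    "Mar  4 02:16:00 web01 line with no priority field",
]

def parse_line(line, year):
    """Return one entry as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m or int(m["pri"]) > 191:   # highest valid PRI is 23*8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    try:  # the header carries no year, so the examiner supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return {"time": ts, "host": m["host"], "source": m["tag"],
            "facility": facility, "severity": SEVERITIES[severity],
            "message": m["msg"]}

def timeline(lines, year, min_severity="warning"):
    """Entries at or above min_severity, oldest first, plus rejected count."""
    threshold = SEVERITIES.index(min_severity)
    kept, rejected = [], 0
    for line in lines:
        entry = parse_line(line, year)
        if entry is None:
            rejected += 1          # keep a tally: gaps matter in forensics
        elif SEVERITIES.index(entry["severity"]) <= threshold:
            kept.append(entry)
    return sorted(kept, key=lambda e: e["time"]), rejected

if __name__ == "__main__":
    for e in timeline(SAMPLE, 2024)[0]:
        print(e["time"], e["host"], e["severity"], e["source"], e["message"])
```

The rejected count is returned alongside the timeline so that unparseable lines are recorded as a gap in the evidence instead of disappearing silently.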
