IT Tutorial

Forensic Analysis

An often overlooked feature of log management software is the ability to conduct forensic analysis of historical events. If your network goes down, your network monitoring tool can tell you what happened, but knowing why it happened is even more valuable.

SolarWinds Log & Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log & Event Manager can help you piece together what really happened.

You can download a free, fully functional 30-day trial of Log & Event Manager from here.

ID file changes

When collecting logs, you’re going to see millions of file changes. How do you know which ones to isolate? It’s best to isolate file changes against critical files (protected docs, financial information, personal documents, HR records, etc.).

Look at file changes from a forensic approach to determine whether suspicious activity has occurred. Often, a virus will make file attribute changes such as permission changes. This could allow the retrieval of information like a password, resulting in unauthorized file or network access.

Forensic analysis can help you identify if files have been changed, when they were changed, and who made the changes.

Identify user activity

You can map user activity using historical data to link together event logs. You can see the activity of one user, a group of accounts, or a specific type of account.

Using Log & Event Manager to collect logs from hundreds of devices makes it easy to summarize the log data to surface events, privilege changes, etc. The forensic analysis feature allows you to quickly identify anything that looks unusual in the accounts you are investigating.
