Week 3: The Importance of Analyzing Logs (Required/Graded)
Log files are critical for Cyber Analysts who look for scanning activity, attack signatures and patterns, and anomalies.
Log files can often tell you where, when, and how the system was accessed by an authorized user.
Many individuals working in the field of Cybersecurity as analysts sift through and examine logs from various IT devices.
In Computer Forensics, a log can provide key information relevant to a case.
Log on to your Kali Linux machine on MARS. Use the useradd command to add a user with your first name (all lowercase).
There are many commercial tools like Splunk, Sawmill, and LogRhythm, but you can also use Linux commands to parse logs.
Use and discuss one or more of the Linux commands below to parse yourname out of the /var/auth.log file on Kali in MARS: tail, head, grep, sort, gawk, awk, less, more.
If someone on your Forensics team has already picked one of the above tools, pick a different Kali Linux tool from MARS.
(If one team member uses tail and grep and another uses cat and grep, that is fine; just do not use the exact same commands.)
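As an added illustration (not part of the assignment or its grading), the shell functions below show grep, awk, sort and uniq working together on a constructed auth.log sample, with "alice" standing in for yourname; on a standard Kali install the real file is /var/log/auth.log and needs sudo to read.

```shell
#!/bin/sh
# Added example, not part of the assignment. The auth.log lines below are constructed
# to mimic rsyslog output on Kali; "alice" stands in for yourname.
LOGFILE="${TMPDIR:-/tmp}/auth.log.sample.$$"
trap 'rm -f "$LOGFILE"' EXIT
cat > "$LOGFILE" <<'EOF'
Mar  3 10:14:02 kali sudo:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd alice
Mar  3 10:14:02 kali useradd[1234]: new group: name=alice, GID=1001
Mar  3 10:14:02 kali useradd[1234]: new user: name=alice, UID=1001, GID=1001, home=/home/alice, shell=/bin/sh
Mar  3 10:15:30 kali useradd[1240]: new user: name=bob, UID=1002, GID=1002, home=/home/bob, shell=/bin/sh
Mar  3 10:20:15 kali sshd[1300]: Failed password for alice from 10.0.0.5 port 51234 ssh2
Mar  3 10:20:44 kali sshd[1301]: Failed password for malice from 10.0.0.9 port 51236 ssh2
Mar  3 10:21:40 kali sshd[1302]: Accepted password for alice from 10.0.0.5 port 51240 ssh2
EOF

# grep -w: whole-word matches only, so "alice" does not also pull in "malice".
user_lines() { grep -w -- "$1" "$LOGFILE"; }
count_user_lines() { grep -wc -- "$1" "$LOGFILE" || true; }

# Account creation: the useradd "new user" record carries the UID, home and shell.
count_useradd() { grep -c -- "useradd\[[0-9]*\]: new user: name=$1," "$LOGFILE" || true; }

# Failed SSH logins for the user (the trailing space keeps "alice" from matching "alice2").
count_failed_ssh() { grep -c -- "sshd\[[0-9]*\]: Failed password for $1 " "$LOGFILE" || true; }

# Timeline: timestamp and logging program for every line about the user, in file order;
# awk fields $1-$3 are the syslog timestamp, $5 the program name.
timeline() { grep -w -- "$1" "$LOGFILE" | awk '{ printf "%s %s %s  %s\n", $1, $2, $3, $5 }'; }

# Source addresses that tried to authenticate as the user over SSH, most frequent first.
ssh_sources() {
    grep -w -- "$1" "$LOGFILE" \
      | awk '/sshd\[/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
      | sort | uniq -c | sort -rn
}

echo "== lines mentioning alice =="; user_lines alice
echo "== timeline =="; timeline alice
echo "== ssh sources =="; ssh_sources alice
```

Swap `"$LOGFILE"` for the system log to run the same functions against a live Kali machine.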
Please provide:
- a description of what the Linux commands do.
- how these commands would be useful in a forensic investigation.
- a screenshot with your command with “yourname” as one of the parsed results.
- an APA formatted reference for your post.