The Manila Times

Looking for clues

- ABET DE LA CRUZ

There are so many places to look for data – PCs, servers, switches and systems are among a few. However, all of these have one thing in common – logs. Logs are the electronic list of all activities that the software or hardware has ever done. They are the diary, the record book, the journal of everything, and the thing that any investigator looks for and, by the same token, that any hacker or intruder will alter or erase.

Every piece of hardware and software will have logs, and it is good practice to always enable them and capture as much detail as possible. Sad to say, logs are usually turned off because organizations are wary of the storage space that they take up: they can be quite voluminous, and if there are very few events, they will also have very little use. That is, until the big day comes and you get hit. Only then will you realize that there is no information to look back to. Storage has become very cheap, and today the cost of disk space should not be an issue anymore.

The smart hacker would either alter or delete the logs, so you had better have a backup plan for this. As the logs are stored in the individual devices, and these same devices are the ones that usually get compromised, it is wise to have the logs transmitted to a well-protected and properly backed-up Central Log Server. The log servers don't have to be powerful ones, just ones with big hard disk storage capacity.
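What the central copy buys an investigator, shown as an added example that is not part of the original column: comparing the records the Central Log Server received with the log found on the device exposes entries that were deleted or altered locally. The log lines, the host name `fw01` and the function names are constructed for illustration, and records are paired by timestamp and host as a simplifying assumption.

```python
from collections import Counter

# Constructed sample: records the central log server received from device "fw01".
CENTRAL = [
    "2024-05-01T02:10:04Z fw01 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T02:10:09Z fw01 sshd: Accepted password for admin from 203.0.113.7",
    "2024-05-01T02:11:30Z fw01 sudo: admin : COMMAND=/usr/bin/passwd root",
    "2024-05-01T02:15:00Z fw01 cron: nightly backup finished",
]
# Constructed sample: the same device's local log as found during the investigation.
LOCAL = [
    "2024-05-01T02:10:04Z fw01 sshd: Failed password for admin from 203.0.113.7",
    "2024-05-01T02:10:09Z fw01 sshd: Accepted password for admin from 192.0.2.10",
    "2024-05-01T02:15:00Z fw01 cron: nightly backup finished",
]


def _key(line):
    """Timestamp and host: which event a record claims to describe (assumed format)."""
    return tuple(line.split(" ", 2)[:2])


def reconcile(central, local):
    """Compare the central copy with the device's local log.

    Returns records deleted locally, records altered locally as
    (central, local) pairs, and records that exist only on the device.
    """
    # Multiset differences, so repeated identical lines are counted correctly.
    only_central = list((Counter(central) - Counter(local)).elements())
    only_local = list((Counter(local) - Counter(central)).elements())
    local_by_key = {}
    for line in only_local:
        local_by_key.setdefault(_key(line), []).append(line)

    deleted, altered = [], []
    for line in only_central:
        candidates = local_by_key.get(_key(line))
        if candidates:
            # Same timestamp and host, different content: edited on the device.
            altered.append((line, candidates.pop(0)))
        else:
            deleted.append(line)
    local_only = [l for rest in local_by_key.values() for l in rest]
    return {"deleted": deleted, "altered": altered, "local_only": local_only}


if __name__ == "__main__":
    for kind, items in reconcile(CENTRAL, LOCAL).items():
        print(kind, items)
```

Records reported as `local_only` were never received centrally, which points either to a forwarding gap or to entries inserted on the device after the fact.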
