Monday, June 02, 2008

I am presenting at TechNet Security Series Seminar IV

My topic:
Session 2: Using Log Parser for Correlating Windows Log Data for Forensics in Investigating Intrusions
Time: 3.20pm to 4.05pm

Synopsis: Microsoft has had Application, Security and System event logs built into the OS from Windows® NT v3.51 forward. This session will delve into how these logs can be configured properly to audit the success and failure of all security-related events. Additionally, other services (IIS™, ISA™, routers etc.) have their own logs that contain vital information independent of the OS.

Next, we will learn what Log Parser is, how it works and what it can do. We will then walk through some scripts, and even build some from scratch, to identify many kinds of suspicious activity. Most of the time such activity is followed by some sort of malicious action, so we will then attempt to find these indicators by checking files and system services for “strange” activity. Finally, we will look at other “cool” uses of Log Parser.

Link to the event:

1 comment:

Phillip Tan said...

Thank you Gill. It was indeed a very interesting seminar. Appreciate it. Well, you do have a lot of those good technical papers written for IT. I am glad I struck gold, learning all that through your post. Thank you.