Network Forensics – Week 10

This week, we learned about log correlation and analysis. Logs come from many sources, including OS logs (event logs, syslog), application logs (SMTP logs, server logs), physical device logs (camera logs, UPS logs), and network equipment logs.

Windows logs are usually the trigger that starts an investigation; in Windows 10 you can access them through Event Viewer. Windows logs include event logs, firewall logs, setup logs, browsing history, and shortcuts.

Log analysis is the review of computer-generated records called logs; it can be done using Splunk (splunk.com). Splunk is free for less than 500 MB of data a day and runs on many platforms.
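As an added example that is not part of the original post, the script below correlates the two log sources the post names, Windows event logs and syslog, over constructed sample records: it normalises the two different timestamp formats and joins events by source address within a time window, then flags sources with repeated failed logons. The CSV-style Windows export, the firewall syslog lines and the year used for the syslog timestamps are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample records (not from the original post): Windows Security
# logon events exported as CSV lines, and firewall syslog lines (RFC 3164 style).
WINDOWS_EVENTS = [
    "2024-03-05 09:14:02,Security,4625,user=alice,src=10.0.0.25",
    "2024-03-05 09:14:09,Security,4625,user=alice,src=10.0.0.25",
    "2024-03-05 09:15:30,Security,4624,user=alice,src=10.0.0.25",
    "2024-03-05 11:02:11,Security,4624,user=bob,src=10.0.0.40",
]
SYSLOG_LINES = [
    "Mar  5 09:13:58 fw01 kernel: DROP IN=eth0 SRC=10.0.0.25 DST=10.0.0.5 DPT=445",
    "Mar  5 09:14:01 fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.25 DST=10.0.0.5 DPT=3389",
    "Mar  5 10:59:40 fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.40 DST=10.0.0.5 DPT=3389",
]
YEAR = 2024  # RFC 3164 timestamps carry no year; assumed from the Windows export
SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")

def parse_windows(line):
    """Normalise one Windows event line to a dict with a datetime timestamp."""
    ts, channel, event_id, user, src = line.split(",")
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "source": "windows",
            "event_id": int(event_id), "user": user[5:], "src": src[4:]}

def parse_syslog(line, year=YEAR):
    """Normalise one syslog line; returns None for lines that do not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, clock, host, _prog, msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    src = re.search(r"SRC=(\S+)", msg)
    return {"ts": ts, "source": "syslog", "host": host, "msg": msg,
            "src": src.group(1) if src else None}

def correlate(windows_lines, syslog_lines, window=timedelta(seconds=60)):
    """Join Windows events to syslog records with the same source IP whose
    timestamps fall within +/- window: the core step of log correlation."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_syslog, syslog_lines)):
        by_src[rec["src"]].append(rec)
    return [(w, s) for w in map(parse_windows, windows_lines)
            for s in by_src[w["src"]] if abs(w["ts"] - s["ts"]) <= window]

def failed_logon_sources(windows_lines, threshold=2):
    """Source IPs with at least `threshold` failed logons (event ID 4625)."""
    counts = defaultdict(int)
    for w in map(parse_windows, windows_lines):
        if w["event_id"] == 4625:
            counts[w["src"]] += 1
    return {src for src, n in counts.items() if n >= threshold}
```

With the sample data, the three logon events from 10.0.0.25 pair with the firewall records from the same address that fall within the 60-second window, while bob's logon has no firewall record close enough in time.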
