Log Forensics

Comprehensive log forensics skill for analyzing various log sources to reconstruct events, detect anomalies, and identify indicators of compromise. Enables correlation across multiple log sources, timeline creation, and automated anomaly detection.

Capabilities

• Windows Event Log Analysis: Parse and analyze EVTX files for security events
• Syslog Analysis: Parse Unix/Linux syslog and rsyslog formats
• Web Server Log Analysis: Analyze Apache, Nginx, IIS access and error logs
• Application Log Analysis: Parse application-specific log formats
• Log Correlation: Correlate events across multiple log sources
• Timeline Generation: Create chronological event timelines
• Anomaly Detection: Detect unusual patterns and outliers
• Authentication Analysis: Track login attempts, failures, and lateral movement
• IOC Extraction: Extract indicators of compromise from log entries
• Statistical Analysis: Perform statistical analysis on log patterns

Quick Start