Maintaining Credible IIS Log Files

by Mark Burnett
Sept. 24, 2017 1 comment Symantec Detection & Response iis

Many network administrators by now have encountered serious Web server intrusions that have resulted in legal action. Often IIS logs are the primary evidence used to track down Web intruders. But what would happen if the credibility of your IIS logs was challenged in court? What if the defense claimed the logs were not reliable enough to be admissible as evidence? I once investigated a serious intrusion as part of a criminal investigation. An intruder broke into an IIS server, uploaded some tools, and then accessed the company's internal database. We knew approximately when the intrusion occurred, but we did not know which of several hundred Web sites on a dozen servers was compromised.

https://www.symantec.com/connect/articles/maintaining-credible-iis-log-files

2flash 2 months ago

It is very hard, in my opinion, to really do what the author is describing here... it also depends a lot on the laws of the State where you are, or the country.
