Understand the Importance of Logs in Cybercrime Investigations

Essay Instructions:

Understanding the Importance of Logs


Understanding the Importance of Logs
Student’s Name
Institutional Affiliation
Understanding the Importance of Logs
Importance
Security is rapidly changing, and the threats that organizations face each day change just as dynamically. Moreover, most security professionals consider the rate of change to be accelerating. For organizations to address this ever-changing reality, they have to evolve with it. One may ask which resources can help in addressing IT security issues. Audit logs are one such resource: they give the first signs that something is wrong in a system.
Audit logs are manual or electronic records that provide a chronological record of events and procedures; they supply the supporting history and documentation used to verify security and operational actions. They also help in mitigating various challenges in an organization. The ability to trace records to their origin provides a number of benefits, such as transparency and the protection of records for compliance purposes, protection of the system from harm or misuse, and protection of confidential and important information. Therefore, audit logs ensure the following:
* User accountability: implementing audit logs promotes appropriate user behavior and deters unauthorized use, modification, or improper use of information. Users are aware that their actions are recorded and linked to their identities.
* Event reconstruction: in an investigation, the first step in solving the problem is establishing the "when," "how," and "what" of an event. Establishing this information plays an important role in detecting problems and preventing future threats or risks.
* Detection of intrusions: audit logs help in identifying unauthorized access or suspicious behavior.
* Problem identification: audit logs play an important role in identifying problems associated with system implementation and operational issues, as well as system or operator errors (Anwar & Abulaish, 2014).
Legality of Using Logs
Due to the nature of the cybercrime investigation process and the applicable rules and regulations, any mistake is costly. Therefore, it is important to understand how these laws and regulations affect the audit log process. Every step of the process must be conducted in accordance with the prevailing standards (Baykara, Das & Tuna, 2014). In this age of information, log files can be used in legal matters. They can be presented as evidence in court to demonstrate a series of events within a certain timeframe. If they satisfy all the requirements of accuracy, they qualify as admissible evidence in court. However, it is important to consider the provisions of the Data Protection Act regarding the privacy of users (Taylor et al., 2012).
Use Multiple Log Sources as Evidence
It is clear that logs can be used in legal proceedings. Additionally, logs from third-party sources or systems can be used either to support the organization's own logs or to discredit them.
Accuracy and Authenticity of Logs
Proving that the logs are credible requires convincing arguments that they are trustworthy enough to be admissible as evidence. Therefore, the organization must take concrete measures to protect their accuracy and authenticity.
Accuracy means that the logs faithfully represent the activities on the system. Any slight inaccuracy may raise a number of questions about the validity of the logs. The following steps will ensure that the logs are accurate:
* Log everything: configure the logs so that all of the available fields are recorded. This helps in establishing where a problem originated.
* Keep time: synchronize the systems to an external time source, such as the Windows Time service.
* Use multiple sensors: it is not easy to discredit a log if the same information is recorded by two separate devices.
Log authenticity means proving that the logs have not been modified since they were originally recorded. The following steps will help in safegu...
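As an added illustration of the authenticity requirement described above (this is example code written for this page, not part of the essay or any cited source), the script below chains log records with an HMAC-SHA256 tag over each record's content and the previous record's tag. Any modification, deletion, or reordering of a record after it was written invalidates the chain from that point on, which is exactly the "no modification since recording" property an investigator must demonstrate. The signing key, the sample log entries, and the record layout are all constructed assumptions for the example; in a real deployment the key would be held by a separate log collector rather than the host being audited.

```python
import copy
import hashlib
import hmac
import json

# Constructed secret for the example. In practice this key lives on the
# log collector, not on the audited host, so a host compromise cannot re-sign.
SIGNING_KEY = b"example-log-signing-key"
GENESIS_TAG = "0" * 64  # tag "before" the first record

# Constructed sample entries (a synchronized timestamp per the essay's "keep time").
SAMPLE_LOG = [
    {"ts": "2024-01-01T10:00:00Z", "host": "srv1", "user": "alice", "action": "login"},
    {"ts": "2024-01-01T10:05:12Z", "host": "srv1", "user": "alice", "action": "read /etc/passwd"},
    {"ts": "2024-01-01T10:07:40Z", "host": "srv1", "user": "alice", "action": "logout"},
]


def _canonical(seq, prev_tag, entry):
    """Deterministic serialization, so the same record always hashes the same."""
    return json.dumps({"seq": seq, "prev": prev_tag, "entry": entry}, sort_keys=True)


def chain_entries(entries, key=SIGNING_KEY):
    """Append a tag to every entry that binds it to all earlier entries."""
    records = []
    prev_tag = GENESIS_TAG
    for seq, entry in enumerate(entries):
        tag = hmac.new(key, _canonical(seq, prev_tag, entry).encode(), hashlib.sha256).hexdigest()
        records.append({"seq": seq, "prev": prev_tag, "entry": entry, "tag": tag})
        prev_tag = tag
    return records


def verify_chain(records, key=SIGNING_KEY):
    """Recompute every tag. Returns (True, None) if intact, else (False, index of first bad record)."""
    prev_tag = GENESIS_TAG
    for i, rec in enumerate(records):
        # Sequence numbers and back-links catch deletion and reordering.
        if rec["seq"] != i or rec["prev"] != prev_tag:
            return False, i
        expected = hmac.new(key, _canonical(rec["seq"], rec["prev"], rec["entry"]).encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison: content edits break the tag.
        if not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev_tag = rec["tag"]
    return True, None


def demo():
    """Show an intact chain, then an edited record, then a deleted record."""
    records = chain_entries(SAMPLE_LOG)
    intact = verify_chain(records)

    edited = copy.deepcopy(records)
    edited[1]["entry"]["user"] = "bob"          # after-the-fact edit of record 1
    after_edit = verify_chain(edited)

    deleted = records[:1] + records[2:]         # record 1 removed from the middle
    after_delete = verify_chain(deleted)
    return intact, after_edit, after_delete


if __name__ == "__main__":
    intact, after_edit, after_delete = demo()
    print("intact chain:", intact)
    print("edited record:", after_edit)
    print("deleted record:", after_delete)
```

Running the script reports the intact chain as valid and pinpoints index 1 as the first failing record in both the edited and the deleted case. The verifier only needs the key and the records, so a court-facing analyst can re-run it independently of the system that produced the logs.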