The CSI Effect Comes to Cybersecurity

April 8, 2020

InfoSecurity Magazine

When it comes to cybersecurity investigations, instead of swabs, fingerprints and fibers, a key source of evidence is system logs. Everything from applications to devices is capable of generating an audit trail, ‘logging’ activities and events. At its simplest, if we have a record of logons to a system, and we know when our breach happened, we have a cyber ‘smoking gun’.

If these logs provide all the answers, why are we still regularly hearing about cyber-attacks? One reason is that, just as DNA samples aren’t always available at a crime scene, audit logs may not be detailed enough, or may not even exist at all.