No one likes to think about data breaches, but the fact is, they happen. Rather than cross your fingers and hope for the best, create an incident response plan ahead of time. Without a plan, you may destroy critical evidence that could be used to prosecute the offender. You might also overlook just how the incident occurred, leaving you exposed to future breaches. Log analysis is an essential component of an incident response plan. You’ll want to review logs from the compromised machine or machines and from other sources, including network devices and access control systems.
A number of log types (transaction, server access, application server, and OS) can all provide valuable information for retracing what occurred. If your database administrator has enabled transaction logs (and it’s a big if), start there, because they’re a rich source of information.
Your first goal is to understand what data has been extracted…