Summary

In this chapter, you learned about another valuable resource in our endeavor to understand network forensics. The importance of logging and the different parameters in log management have been highlighted and discussed. We covered the questions we need to answer when setting up a logging system that will assist us at the time of a network forensic investigation. We have seen the importance of clock accuracy, correlation, collection, storage, and a host of other factors in logging. We have also seen how getting multiple and disparate logs into a single log management system can help us connect the dots and give us an insight into the activities of the intruders zeroing in on our network.

In the next chapter, we will move on to another very important area from an investigation perspective. We will look at proxies, firewalls, and routers with a network forensic investigator's eye. We will see the different types of these devices that form a part of our security perimeter. We will understand how they function and study how to get data from them that is useful from a network forensic investigation's perspective.
