Learning Log 3

In the last few weeks we had a busy schedule; projects were piling up, there were some assignments that needed to be finished and some studying to be done (Glad it's all over now 🙂 ). This week, we discussed our paper, which was to be presented to the class before our midterms. This paper was one of the most challenging tasks for us as a group because we got something that not everyone in the group understood because it was a new word or a new terminology. It was Correlation. Correlation is a technique wherein the logs are compared and filtered out so that only the important logs are left after the correlation is applied. I was amazed that this kind of technique existed! (WOW). Adrian said to me that this is important in log management because every day, thousands of logs are recorded and sometimes there are some false positives and sometimes there are really important logs on the log servers or wherever the logs are gathered each day. Sir Justin also explained to us briefly what correlation is.

For me, it's a new term, and hearing the word correlation makes me want to discover and research more about it! I know it will be useful and I am certain that there are more explanations about correlation in other research. Just like Sir Justin's paper, they indicated that there should be log consolidation and event management into a SIEM. It just goes to show you how important correlation is to a log management system. Earlier today was the day of our presentation and we were so nervous because we were about to report in front of the whole class! And Sir Pineda said that if we didn't have the right answer for each of our blockmates' questions, we would get a deduction (was so scared of this HAHAHAHA) but it turned out to be just a joke!!! Hahahaha Long story short, we were able to portray to the class what correlation is and how helpful it is to an IDS or any monitoring system 🙂 Thanks for reading!!!
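To make the idea of correlation concrete, here is a small added example (my own illustration, not from the paper or the class): a rule that looks at a handful of constructed sshd-style log lines and only raises an alert when several failed logins from one source are followed by a success for the same user inside a short window. Isolated failures, the usual false positives, are filtered out. The log format, threshold and window are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (sshd-style), not taken from the original post.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd: Failed password for admin from 10.0.0.5
2024-03-01T10:00:03 sshd: Failed password for admin from 10.0.0.5
2024-03-01T10:00:05 sshd: Failed password for admin from 10.0.0.5
2024-03-01T10:00:09 sshd: Accepted password for admin from 10.0.0.5
2024-03-01T10:01:00 sshd: Failed password for alice from 10.0.0.7
2024-03-01T10:05:00 sshd: Accepted password for alice from 10.0.0.7
""".splitlines()

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_line(line):
    """Return (timestamp, outcome, user, source_ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def correlate(lines, threshold=3, window_seconds=60):
    """Correlation rule (assumed values): at least `threshold` failures from one
    source IP for one user, followed by a success for that user within
    `window_seconds`, produce a single alert. Lone failures produce nothing."""
    failures = defaultdict(list)  # (ip, user) -> timestamps of failed logins
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated or malformed line: ignore it
        ts, outcome, user, ip = parsed
        key = (ip, user)
        if outcome == "Failed":
            failures[key].append(ts)
            continue
        # A success: keep only the failures that fall inside the sliding window.
        recent = [t for t in failures[key] if (ts - t).total_seconds() <= window_seconds]
        if len(recent) >= threshold:
            alerts.append({"ip": ip, "user": user, "failures": len(recent), "at": ts.isoformat()})
        failures[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Six raw lines go in and one alert comes out; alice's single typo at 10:01 never becomes an alert because it is both below the threshold and outside the window.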



Learning Log 2

This week we continued our discussion about BCP, also known as Business Continuity Planning. Basically, this topic is related to a plan which states how the business would survive and continue its operations if ever a disaster occurred. Unlike the DRP, the Disaster Recovery Plan, which focuses on the safety of the people or the employees of the company, the BCP wants to still run and maintain the business. In this topic, we had some computations about how much it would cost to implement Business Continuity Planning and how much the company would lose if a disaster occurs.

In our activity, we continued the computations for the Case Study that was given to us. Well, at first I was confused about what we were going to do, because in the example there are a lot of values given and I didn't know what I was going to do first, whether it was ALE, SLE, etc. But before the night ended, we had already finished the activity.

So what is the purpose of studying this Business Continuity Planning and Disaster Recovery Plan? For me, Business Continuity Planning is useful since if we were to graduate (naks) and we were asked to design a plan wherein the company could survive even if there are many existing risks out there. With a BCP for the company, they would be prepared if a disaster occurred. If a Disaster Recovery Plan is implemented for the company, there is an assurance that the employees are safe and sound.

Our recent discussion was about Legal Investigation and Computer Forensics, which we already discussed in INVESTI class. I forgot some of the terms that we discussed. But honestly, this topic was one of my favorite topics because it is very interesting to learn about the Investigation thingy, whether it is related to Digital Forensics or not. One thing that always stays in my mind is the Computer Forensics Methodology, because it is the most important thing when you're conducting an investigation as part of a Forensic Team.