Forensics
Heavy analysis phase, true root cause analysis, and investigation by an outside organization.
- Creating a timebound picture of network activity: Obtain a complete picture of what data is written to your indexes, through what sources, and by what devices.
- Investigating a ransomware attack: Use Splunk software to investigate a ransomware attack by attempting to reconstruct the events that led to the system being infected.
- Investigating unusual file system queries: How to investigate unusual file system queries with this process you can run in Splunk software.