Network Forensics with Windows DNS Analytical Logging

(Co-authored by Rob Mead (Microsoft Threat Intelligence Center), Kumar Ashutosh and Vithalprasad Gaitonde (Windows DNS Server))

Overview

DNS queries and responses are a key data source used by network defenders in support of incident response as well as intrusion discovery. If these transactions are collected for processing and analytics in a big data system,…
