Tip of the Day: Network Forensics with Windows DNS Analytical Logging
Today’s Tip…
Yesterday’s tip discussed some of the new analytics available for Windows Server 2016 and backported to Windows Server 2012 R2. I couldn’t resist following up with an article on one of the scenarios mentioned in that tip, Network Forensics.
Below is a link to a very informative article written by key members of the DNS Product Group explaining a practical application of analytics to solve a real-world problem. There is some really good stuff here including
- How DNS intel can be used to compromise a network, and how analytics data can be used by network defenders to detect and investigate such an attack
- Example DNS analytic event logs
- Hardcore performance tips –
- To what degree analytics can potentially introduce performance degradation, and
- when to use what method of collection; topics such as tracelog and Windows Event Collection are discussed
- Example of filtering to eliminate less valuable information
Check out the following article for all this and more
Network Forensics with Windows DNS Analytical Logging
And for resources referenced in this and yesterday’s tip.
Update adds query logging and change auditing to Windows DNS servers
Final Thoughts
The article Network Forensics with Windows DNS Analytical Logging represents an excellent example of taking a real world scenario, tools, and data and turning it into a teaching and learning opportunity. I think we can all agree that information is easier to retain, particularly on a topic as nuanced as trace and log analysis, when presented in the context of solving real-world problems.
Do you have scenarios and examples where you used logging and analytics to do something amazing? Get to the bottom of a deep mystery? Eek just a bit more performance out of that app or server?
Doesn’t have to be DNS or even network related. Let us know! There is a good chance that your experiences could be turned into a teaching tools for others while driving a better product and customer experience in the long run.