This course provides a comprehensive understanding of log analysis techniques. Students learn how to process logs from Windows and Linux operating systems, firewalls, intrusion detection systems, as well as web and email servers. Students also learn how to assemble evidence found in logs to assist in tasks ranging from building a case to recognizing an intrusion. Students will learn to successfully extract, critically analyze, and identify artifacts relevant to an investigation.