You are a professional Computer Hacking Forensic Investigator. You have been called to collect
evidence of buffer overflow and cookie snooping attacks. Which of the following logs will you
review to accomplish the task? Each correct answer represents a complete solution. Choose all
that apply.
A. Program logs
B. Web server logs
C. Event logs
D. System logs
Explanation:
Evidence of buffer overflow and cookie snooping attacks can be traced from system logs, event
logs, and program logs, depending on the type of overflow or cookie snooping attack executed
and the error recovery method used by the hacker.
Answer option B is incorrect. Web server logs are used to investigate cross-site scripting attacks.