iamadityamehta/Security-Operations-SIEM-Forensics

🛡️ Networking & Security Operations with SIEM, Forensics and Traffic Analysis

📌 Introduction

This project simulates real-world Security Operations Center (SOC) activities by combining SIEM, digital forensics, and network traffic analysis. The goal is to detect, analyze, and investigate potential security incidents within a network environment.


📌 Internship Context

This task was completed as part of my Vulnerability Assessment and Penetration Testing (VAPT) Internship at Cyart Technologies in March 2026.


🎯 Objective

  • To understand SOC workflows and operations
  • To detect security incidents using SIEM concepts
  • To perform basic digital forensics
  • To analyze network traffic for threat detection

📍 Scope

  • Log monitoring and analysis
  • Network traffic inspection
  • Incident detection and investigation
  • Basic forensic analysis techniques

🛠️ Tools Used

  • SIEM Tool (Splunk / ELK Stack) (if used)
  • Wireshark (Traffic Analysis)
  • Autopsy / Forensics Tools (if used)
  • Kali Linux / Linux Environment

⚙️ Methodology

1. Environment Setup

  • Configured SIEM and monitoring tools
  • Prepared system for log collection

2. Log Collection & Monitoring

  • Collected logs from system/network
  • Monitored events for suspicious activity

3. Traffic Analysis

  • Captured and analyzed network packets
  • Identified anomalies in communication

4. Incident Detection

  • Detected suspicious patterns and alerts
  • Correlated logs and traffic data

5. Digital Forensics

  • Investigated system artifacts
  • Analyzed evidence for potential compromise

6. Reporting

  • Documented incidents and findings
  • Suggested remediation steps
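One way to implement the log/traffic correlation of step 4, written as an added example for this README rather than code from the repository: it parses constructed sshd auth-log lines and a constructed tshark-style flow export, then flags a source that fails several SSH logins and afterwards reaches multiple internal hosts (the sample data, thresholds and field layout are assumptions).

```python
import re
from collections import defaultdict
# Constructed sshd auth-log lines (syslog style); not from any real host.
AUTH_LOG = """\
Mar 10 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 10.0.0.50 port 51001 ssh2
Mar 10 10:00:03 host1 sshd[1202]: Failed password for root from 10.0.0.50 port 51002 ssh2
Mar 10 10:00:05 host1 sshd[1203]: Failed password for root from 10.0.0.50 port 51003 ssh2
Mar 10 10:00:09 host1 sshd[1204]: Accepted password for root from 10.0.0.50 port 51004 ssh2
Mar 10 10:05:00 host1 sshd[1300]: Failed password for alice from 10.0.0.7 port 40000 ssh2
"""
# Constructed flow summary shaped like a tshark/Wireshark CSV export: time,src,dst,dst_port,bytes
FLOWS = """\
10:00:01,10.0.0.50,10.0.0.10,22,420
10:00:30,10.0.0.50,10.0.0.11,22,380
10:00:45,10.0.0.50,10.0.0.12,22,390
10:01:10,10.0.0.50,10.0.0.10,445,210000
10:05:00,10.0.0.7,10.0.0.10,22,500
"""
AUTH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def parse_auth(text):
    """Count failed/accepted SSH logins per source IP from sshd log lines."""
    counts = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            status, _user, ip = m.groups()
            counts[ip]["failed" if status == "Failed" else "accepted"] += 1
    return counts

def parse_flows(text):
    """Map each source IP to the (dst_ip, dst_port) pairs it contacted."""
    peers = defaultdict(set)
    for line in text.splitlines():
        _time, src, dst, port, _nbytes = line.split(",")
        peers[src].add((dst, int(port)))
    return peers

def correlate(auth_text, flow_text, failed_threshold=3, ssh_fanout=2):
    """Alert on sources that brute-force SSH in the auth log and, in the traffic,
    reach several hosts on port 22 or move on to a non-SSH service."""
    auth, flows = parse_auth(auth_text), parse_flows(flow_text)
    alerts = []
    for ip, c in auth.items():
        if c["failed"] < failed_threshold:
            continue  # below the brute-force threshold; nothing to correlate
        ssh_targets = sorted({d for d, p in flows.get(ip, ()) if p == 22})
        other = sorted({(d, p) for d, p in flows.get(ip, ()) if p != 22})
        if len(ssh_targets) >= ssh_fanout or other:
            alerts.append({"src": ip, "failed": c["failed"], "accepted": c["accepted"],
                           "ssh_targets": ssh_targets, "other": other})
    return alerts
```

Each alert carries the indicators that support it (failed and accepted counts, SSH targets, non-SSH destinations), which is what the reporting step in this README needs to document.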

📊 Key Findings

  • Identified suspicious log patterns
  • Detected anomalies in network traffic
  • Correlated multiple indicators of compromise

💡 Key Learnings

  • Understanding of SOC workflows
  • Hands-on experience with SIEM concepts
  • Basic digital forensics investigation
  • Ability to correlate logs and traffic data

⚠️ Challenges Faced

  • Handling large volumes of logs
  • Understanding SIEM configurations
  • Correlating multiple data sources
  • Interpreting forensic artifacts

🛡️ Security Insights

  • SIEM is critical for centralized monitoring
  • Early detection reduces damage
  • Forensics helps in root cause analysis
  • Continuous monitoring improves defense

📌 Conclusion

This project provided practical exposure to SOC operations, including monitoring, detection, and investigation of security incidents. It strengthened my understanding of real-world cybersecurity workflows.


🚀 Future Improvements

  • Implement advanced SIEM rules
  • Automate incident response
  • Integrate threat intelligence
  • Perform deep forensic investigations

👨‍💻 Author

Aditya Mehta
Cybersecurity Enthusiast | SOC Analyst Aspirant


About

A hands-on cybersecurity project simulating Security Operations Center (SOC) activities using SIEM, digital forensics, and network traffic analysis to detect and investigate security incidents.
