IT security managers lay a lot of emphasis on conducting log forensics investigations. According to the SANS 2013 Digital Forensics Survey , 57% of the respondents said that they conduct forensic investigations to “find and investigate incidents as they are occurring” and 75% of the respondents said they conduct forensic investigations to “find and investigate incidents after the fact”. Detecting the activity of hackers is never easy