
Log correlation

Definition

The process of matching related events from different log sources using shared attributes such as IP address, username, timestamp, or session ID. Correlation transforms individual raw log lines into higher-level events that carry investigative meaning.
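As an added illustration that is not part of this glossary entry, the correlator below joins two constructed log sources (an SSH auth log and a web proxy log) on the shared source IP, bounded by a timestamp window, so that "large upload shortly after a login" surfaces as one higher-level event with the user attached. Log formats, field names, the window and the byte threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): an SSH auth log and a web proxy log.
AUTH_LOG = """\
2024-03-01T09:00:05Z sshd[812]: Accepted password for alice from 10.0.0.5 port 51422
2024-03-01T09:01:10Z sshd[812]: Accepted password for bob from 10.0.0.9 port 51500
2024-03-01T09:30:00Z sshd[901]: Accepted password for carol from 10.0.0.7 port 51601""".splitlines()
PROXY_LOG = """\
2024-03-01T09:00:40Z proxy: src=10.0.0.5 dst=203.0.113.20 bytes_out=52428800
2024-03-01T09:02:00Z proxy: src=10.0.0.9 dst=198.51.100.4 bytes_out=1024
2024-03-01T09:45:00Z proxy: src=10.0.0.7 dst=203.0.113.20 bytes_out=734003200""".splitlines()

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
PROXY_RE = re.compile(r"^(\S+) proxy: src=(\S+) dst=(\S+) bytes_out=(\d+)")

def parse_ts(text):
    # Both sources already use UTC ISO-8601; normalisation would handle other formats.
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def parse_auth(lines):
    """Extract timestamp, user and source IP from successful SSH logins."""
    return [{"ts": parse_ts(m[1]), "user": m[2], "src_ip": m[3]}
            for m in map(AUTH_RE.match, lines) if m]

def parse_proxy(lines):
    """Extract timestamp, source IP, destination and upload size from proxy records."""
    return [{"ts": parse_ts(m[1]), "src_ip": m[2], "dst": m[3], "bytes_out": int(m[4])}
            for m in map(PROXY_RE.match, lines) if m]

def correlate(auth_events, proxy_events, window_minutes=5, min_bytes=10 * 1024**2):
    """Join each proxy event to logins from the same source IP (the shared attribute)
    that occurred at most `window_minutes` earlier, and emit a finding when the
    upload is at least `min_bytes`. The timestamp bounds the join; the IP keys it."""
    logins_by_ip = defaultdict(list)
    for ev in auth_events:
        logins_by_ip[ev["src_ip"]].append(ev)
    findings = []
    for p in proxy_events:
        for login in logins_by_ip.get(p["src_ip"], []):
            gap = p["ts"] - login["ts"]
            if timedelta(0) <= gap <= timedelta(minutes=window_minutes) and p["bytes_out"] >= min_bytes:
                findings.append({"user": login["user"], "src_ip": p["src_ip"], "dst": p["dst"],
                                 "bytes_out": p["bytes_out"],
                                 "seconds_after_login": int(gap.total_seconds())})
    return findings

if __name__ == "__main__":
    for f in correlate(parse_auth(AUTH_LOG), parse_proxy(PROXY_LOG)):
        print(f"{f['user']}@{f['src_ip']} sent {f['bytes_out']} bytes to {f['dst']} "
              f"{f['seconds_after_login']}s after login")
```

With the default five-minute window only alice's session is flagged; widening the window to thirty minutes also pairs carol's login with her later upload, which shows how the chosen window governs what the correlation surfaces.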

Related terms

Alert triage
The process of reviewing SIEM-generated alerts to determine which are genuine security events and which are false positives. In forensic investigations, alert...
Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Normalisation
The process of converting log data from different vendors and formats into a common schema so that fields can be compared across...
Retention policy
An organisation's rule specifying how long log data is stored before deletion or archiving. Policies are typically driven by compliance requirements and...
SIEM
Security Information and Event Management. A platform that ingests log streams from multiple sources, normalises them to a common schema, and applies...
