Log normalisation

Definition

The conversion of log entries from their native format into a common schema, typically a structured record with a corrected UTC timestamp, source address, destination address, protocol, and action field. Normalisation makes cross-source comparison programmatic rather than manual.
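
An added example (not from the original page) of the conversion described above: two constructed log lines in hypothetical firewall and router formats are mapped to one schema. The per-source timezone offsets and skew values are assumptions, with skew defined as device clock minus UTC.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample entries in two hypothetical native formats.
FIREWALL_LINE = "2024-03-09 14:02:11 DROP TCP 10.0.0.5:51514 -> 203.0.113.7:443"
ROUTER_LINE = "1709973086,tcp,10.0.0.5,203.0.113.7,deny"

# Assumed per-source clock metadata: the timezone the device logs in, and its
# measured skew (device clock minus UTC; positive means the device runs fast).
CLOCKS = {
    "firewall": (timedelta(hours=5, minutes=30), timedelta(seconds=42)),
    "router": (timedelta(0), timedelta(seconds=-3)),
}
FW_RE = re.compile(r"^(\S+ \S+) (\w+) (\w+) (\S+?):\d+ -> (\S+?):\d+$")
ACTIONS = {"drop": "deny", "deny": "deny", "accept": "allow", "allow": "allow"}


def to_record(source, device_time, src, dst, protocol, action):
    """Build the common-schema record with a corrected UTC timestamp."""
    utc_offset, skew = CLOCKS[source]
    corrected = (device_time - utc_offset - skew).replace(tzinfo=timezone.utc)
    return {
        "source": source,
        "timestamp_utc": corrected.isoformat(),
        "src": src,
        "dst": dst,
        "protocol": protocol.lower(),
        "action": ACTIONS.get(action.lower(), "unknown"),
    }


def normalise_firewall(line):
    match = FW_RE.match(line)
    if match is None:
        raise ValueError(f"unrecognised firewall entry: {line!r}")
    stamp, action, protocol, src, dst = match.groups()
    device_time = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return to_record("firewall", device_time, src, dst, protocol, action)


def normalise_router(line):
    epoch, protocol, src, dst, action = line.strip().split(",")
    device_time = datetime.fromtimestamp(int(epoch), timezone.utc).replace(tzinfo=None)
    return to_record("router", device_time, src, dst, protocol, action)
```

Once normalised, the two entries agree on every field except `source`, so matching them is a dictionary comparison rather than a manual read of two formats.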

Related terms

Anchor event
A log entry that can be identified with high confidence across two or more log sources, used to verify relative clock offsets...
Clock skew
The difference between a device's local clock and a trusted reference time such as UTC. Skew accumulates due to hardware drift, timezone...
DHCP lease log
A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
NAT (Network Address Translation)
A mechanism by which a router replaces private source IP addresses with a single public IP address before forwarding packets to the...
Session tuple
The five-element identifier for a network session: source IP, source port, destination IP, destination port, and protocol. The session tuple is the...
