The Dark Side of Logging (From the Eyes of an Attacker and a Forensic Analyst)

To most developers, logs are a debugging tool. To attackers, they’re a treasure map. In this talk, we’ll dive into the dark side of logging from two perspectives: the malicious actor looking for weaknesses, and the forensic analyst trying to pick up the pieces after a breach.

We’ll explore how excessive, misconfigured, or insecure logging can quietly expose authentication tokens, internal infrastructure, user PII, and even complete application workflows — often in plain text. We’ll also examine how poor logging hygiene hinders forensic investigations: missing timestamps, inconsistent formats, log tampering, and redaction failures that turn post-incident analysis into guesswork.

Real-world examples will show how attackers use logs to escalate access, pivot across environments, or cover their tracks — and how responders can be left blind. You’ll walk away with a clearer understanding of what to log, what not to log, and how to protect your logs like the critical assets they are.

Veronica Schmitt

Veronica started her forensic career in 2008. Veronica is also an assistant professor at Noroff University in Norway, where she replaced a warm climate with a more adventurous one. Veronica holds a Master in Science at Rhodes University in Information Security with a specialisation in the forensic analysis of malware.

She is currently doing her PhD in cybersecurity at the University of Plymouth in the UK. Her PhD is about designing robust logs for medical devices. She prides herself on keeping patients safe, as this is something close to her heart (quite literally). She is also a cyborg, sporting an embedded medical device herself. She is also a DEF CON goon, and she is the founder of DC2751, and the OWASP Kristiansand project. She has a love for all things ransomware and understands the low level details forensically.

Her particular research interests include research into security vulnerabilities in medical devices forming part of the Internet of Things, and how these could be exploited by malicious attackers, as well as what types of forensic artefacts could be identified from any attacks. She believes that incident response should be something that is continuously done and improved on.

She is extremely passionate about protecting people whose lives depend on these medical devices, and her passion led her to become a researcher within an MDM. She is also developing a digital forensics and incident response approach dealing specifically with implanted medical devices and medical devices installed within a healthcare setting. At her core, Veronica is a forensicator and hacker, in love with every bit, byte, and nibble of knowledge she has obtained. She has a strong belief that the o in logs stand for observability. Knowing what is a problem is half the battle won she believes.

Emlyn Butterfield

Emlyn Butterfield is an experienced academic leader, digital forensics specialist, and cybersecurity educator. Currently serving as Rector at Noroff University College, he has a background in higher education management, curriculum development, and research supervision. With over a decade of experience in academia, he has held key roles such as Head of Computing and Programme Lead for Digital Forensics, contributing to the advancement of forensic education and research.

His research focuses on forensic automation, mobile device forensics, and cybersecurity pedagogy. As a Senior Fellow of the Higher Education Academy, he is dedicated to enhancing teaching practices and fostering student engagement through innovative methodologies.

Beyond academia, he has been involved in research, teaching, and academic leadership, as well as serving as an external examiner and reviewer for universities in the UK. His industry experience includes roles in digital forensics investigations and expert witness services.

He holds an MSc in Forensic Computing from the University of Bradford and a BSc in Computer Science from the University of Hull. His professional training includes certifications in EnCase, XRY, and various forensic analysis tools.