In Windows forensics, which log type would most likely reveal evidence of privilege escalation attempts?

An investigator detects unusual SSH login attempts on a Linux server. Which command provides the most targeted view of authentication-related events?

Which log correlation scenario provides the strongest indication of a web server compromise?

In the digital forensic workflow, why is hashing (MD5/SHA-256) applied immediately after evidence acquisition?

Which forensic artifact from the Windows Registry is most useful to confirm that a specific USB device was used for data exfiltration?

During vulnerability assessment, a team discovers HTTP PUT enabled on a production server. What is the most critical risk this configuration introduces?

Which log management tool is best suited for real-time detection of insider threats by correlating user login anomalies across multiple systems?