This week I'm wrapping up my series on SSH forensics with a discussion on SSH log triage. Logs are usually what an analyst will start with, so this episode is important. There are a few different log types, and there is a pitfall with one of them, which is something you must be aware of to avoid making inaccurate conclusions. I'll provide the artifact breakdown, triage methodology, and more.