Study on electronic evidence acquisition and analysis method over Windows logs
In order to collect logs in real time,two methods to acquire Windows logs in real time were proposed respectively according to the two types of log file formats.Based on acquiring logs,an approach for correlating log files with atomic attack functions was proposed.After the correlation,atomic attack...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2012-11-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2012.z2.016/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539836933046272 |
|---|---|
| author | Xiao-mei DONG Xu-dong LIU Xiao-hua LI Ya-jie FEI |
| author_facet | Xiao-mei DONG Xu-dong LIU Xiao-hua LI Ya-jie FEI |
| author_sort | Xiao-mei DONG |
| collection | DOAJ |
| description | In order to collect logs in real time,two methods to acquire Windows logs in real time were proposed respectively according to the two types of log file formats.Based on acquiring logs,an approach for correlating log files with atomic attack functions was proposed.After the correlation,atomic attack functions can be analyzed instead of log files,which can greatly decrease the time of analysis.A time based log correlation and event reconstruction method was proposed to reconstruct the computer criminal scenarios.Experimental results show that log evidences can be acquired and the crime process can be reconstructed effectively. |
| format | Article |
| id | doaj-art-c705b782983847aeba2086bdf508822e |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2012-11-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-c705b782983847aeba2086bdf508822e2025-01-14T06:34:26ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2012-11-013312513459669843Study on electronic evidence acquisition and analysis method over Windows logsXiao-mei DONGXu-dong LIUXiao-hua LIYa-jie FEIIn order to collect logs in real time,two methods to acquire Windows logs in real time were proposed respectively according to the two types of log file formats.Based on acquiring logs,an approach for correlating log files with atomic attack functions was proposed.After the correlation,atomic attack functions can be analyzed instead of log files,which can greatly decrease the time of analysis.A time based log correlation and event reconstruction method was proposed to reconstruct the computer criminal scenarios.Experimental results show that log evidences can be acquired and the crime process can be reconstructed effectively.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2012.z2.016/computer forensicsWindows logsacquisitionanalysisevent reconstruction |
| spellingShingle | Xiao-mei DONG Xu-dong LIU Xiao-hua LI Ya-jie FEI Study on electronic evidence acquisition and analysis method over Windows logs Tongxin xuebao computer forensics Windows logs acquisition analysis event reconstruction |
| title | Study on electronic evidence acquisition and analysis method over Windows logs |
| title_full | Study on electronic evidence acquisition and analysis method over Windows logs |
| title_fullStr | Study on electronic evidence acquisition and analysis method over Windows logs |
| title_full_unstemmed | Study on electronic evidence acquisition and analysis method over Windows logs |
| title_short | Study on electronic evidence acquisition and analysis method over Windows logs |
| title_sort | study on electronic evidence acquisition and analysis method over windows logs |
| topic | computer forensics Windows logs acquisition analysis event reconstruction |
| url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2012.z2.016/ |
| work_keys_str_mv | AT xiaomeidong studyonelectronicevidenceacquisitionandanalysismethodoverwindowslogs AT xudongliu studyonelectronicevidenceacquisitionandanalysismethodoverwindowslogs AT xiaohuali studyonelectronicevidenceacquisitionandanalysismethodoverwindowslogs AT yajiefei studyonelectronicevidenceacquisitionandanalysismethodoverwindowslogs |