Conference papers

Windows Event Forensic Process

Abstract: Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Cited literature: 12 references

https://hal.inria.fr/hal-01393763
Contributor: Hal Ifip
Submitted on: Tuesday, November 8, 2016 - 10:47:26 AM
Last modification on: Thursday, March 5, 2020 - 4:46:28 PM
Document(s) archived on: Tuesday, March 14, 2017 - 10:37:37 PM

File

978-3-662-44952-3_7_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩

Metrics

Record views: 265

File downloads: 3538