Windows Event Forensic Process

Abstract: Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Document type:
Conference paper
Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.87-100, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_7〉
Cited literature [12 references]

https://hal.inria.fr/hal-01393763
Contributor: Hal Ifip
Submitted on: Tuesday, November 8, 2016 - 10:47:26
Last modified on: Friday, December 1, 2017 - 01:17:03
Document(s) archived on: Tuesday, March 14, 2017 - 22:37:37

File

978-3-662-44952-3_7_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.87-100, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_7〉. 〈hal-01393763〉

Metrics

Record views

130

File downloads

147