Abstract: Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.87-100, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_7〉
https://hal.inria.fr/hal-01393763
Contributor: Hal Ifip
Submitted on: Tuesday, 8 November 2016 - 10:47:26
Last modified on: Friday, 1 December 2017 - 01:17:03
Document(s) archived on: Tuesday, 14 March 2017 - 22:37:37
Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. Gilbert Peterson; Sujeet Shenoi. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. Springer, IFIP Advances in Information and Communication Technology, AICT-433, pp.87-100, 2014, Advances in Digital Forensics X. 〈10.1007/978-3-662-44952-3_7〉. 〈hal-01393763〉