Skip to Main content Skip to Navigation
Conference papers

Windows Event Forensic Process

Quang Do 1 Ben Martini 1 Jonathan Looi 1 Yu Wang 1 Kim-Kwang Choo 1
1 University of South Australia [Adelaide]
Abstract : Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Keywords : Windows event forensic process Windows event logs
Document type :
Conference papers
Complete list of metadata

Cited literature [12 references]  Display  Hide  Download
https://hal.inria.fr/hal-01393763
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 8, 2016 - 10:47:26 AM
Last modification on : Thursday, March 5, 2020 - 4:46:28 PM
Long-term archiving on: : Tuesday, March 14, 2017 - 10:37:37 PM

File

Vignette du document
978-3-662-44952-3_7_Chapter.pd...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Collections

IFIP | IFIP-AICT | IFIP-TC | IFIP-TC11 | IFIP-DF | IFIP-WG11-9 | IFIP-AICT-433 | IFIP-LNCS | IFIP-WG

Citation

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

314

Files downloads

4841

 

Contact                    Legal Notice                    Personal Data