Conference papers

Windows Event Forensic Process

Abstract : Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Document type : Conference papers

Cited literature [12 references]

https://hal.inria.fr/hal-01393763
Contributor : Hal Ifip
Submitted on : Tuesday, November 8, 2016 - 10:47:26 AM
Last modification on : Thursday, March 5, 2020 - 4:46:28 PM
Long-term archiving on : Tuesday, March 14, 2017 - 10:37:37 PM

File

978-3-662-44952-3_7_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩

Metrics

Record views : 314

Files downloads : 4841