• DocumentCode
    2397239
  • Title
    A Log Correlation Model to Support the Evidence Search Process in a Forensic Investigation
  • Author
    Herrerias, Jorge ; Gomez, Roberto
  • Author_Institution
    Dept. of Comput. Sci., ITESM-CEM, Mexico City
  • fYear
    2007
  • fDate
    10-12 April 2007
  • Firstpage
    31
  • Lastpage
    42
  • Abstract
    Computer forensics searches for evidence to reconstruct the actions that led the system from a secure state to the moment an intrusion was detected. The main source of data for a forensic investigation is the information provided by log files. Log files are generated by applications to keep a record of the actions that occurred on the system. However, the massive amount of recorded events complicates the forensic investigation. This paper proposes a model composed of a set of agents that collect, filter, normalize, and correlate events coming from diverse log files. The purpose of the model is to assist the analyst in the evidence search process of a forensic investigation.
  • Keywords
    computer crime; computer forensics; evidence search process; forensic investigation; log correlation model; Application software; Computer science; Engines; Filters; Forensics; Information security; Internet; Intrusion detection; Operating systems; Registers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systematic Approaches to Digital Forensic Engineering, 2007. SADFE 2007. Second International Workshop on
  • Conference_Location
    Bell Harbor, WA
  • Print_ISBN
    0-7695-2808-2
  • Electronic_ISBN
    0-7695-2808-2
  • Type
    conf
  • DOI
    10.1109/SADFE.2007.1
  • Filename
    4155348