Windows Event Forensic Process
| Title: | Windows Event Forensic Process |
|---|---|
| Authors: | Do, Quang, Martini, Ben, Looi, Jonathan, Wang, Yu, Choo, Kim-Kwang |
| Other contributors: | University of South Australia Adelaide, Gilbert Peterson, Sujeet Shenoi, TC 11, WG 11.9 |
| Source: | IFIP Advances in Information and Communication Technology ; 10th IFIP International Conference on Digital Forensics (DF) ; https://inria.hal.science/hal-01393763 ; 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩ |
| Publisher information: | CCSD Springer |
| Publication year: | 2014 |
| Keywords: | Windows event forensic process, Windows event logs, [INFO]Computer Science [cs] |
| Geographic keyword: | Vienna, Austria |
| Description: | Part 2: Forensic Techniques ; International audience ; Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations. |
| Publication type: | conference object |
| Language: | English |
| DOI: | 10.1007/978-3-662-44952-3_7 |
| Availability: | https://inria.hal.science/hal-01393763 https://inria.hal.science/hal-01393763v1/document https://inria.hal.science/hal-01393763v1/file/978-3-662-44952-3_7_Chapter.pdf https://doi.org/10.1007/978-3-662-44952-3_7 |
| Rights: | http://creativecommons.org/licenses/by/ ; info:eu-repo/semantics/OpenAccess |
| Document code: | edsbas.ADB82B83 |
| Database: | BASE |