Analysis and Evaluation of the Windows Event Log - Bill Buchanan

More documents

Recommendations

Info

C:\Documents and Settings\Barrie\My ...\Projects\Event Viewer\Event Viewer\Form1.cs using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Text; using System.Windows.Forms; using System.IO; using System.Collections; using System.Security.Cryptography; 1 namespace Event_Viewer { public partial class Form1 : Form { ArrayList lines = new ArrayList(); int arrayItem = 0; public Form1() { InitializeComponent(); readfile(); LoadRecord(); } private void readfile() { StreamReader sr = new StreamReader("c:\\Logs\\127.0.0.1\\EvtLog2.log"); string line; while ((line = sr.ReadLine()) != null) { if(line.Contains("")) lines.Add(line); } sr.Close(); msgTxt.Text = "done"; } private void LoadRecord() { try { string string1 = Convert.ToString(lines[arrayItem]); eventNoLbl.Text = Convert.ToString(arrayItem + 1); string myString1 = ""; string myString2 = ""; serverTimeLbl.Text = string1.Substring((string1.IndexOf(myString1) + myString1.Length), (string1.IndexOf(myString2) - (string1.IndexOf(myString1) + myString1.Length))); string myString3 = ""; string myString4 = ""; clientTimeLbl.Text = string1.Substring((string1.IndexOf(myString3) + myString3.Length), (string1.IndexOf(myString4) - (string1.IndexOf(myString3) + myString3.Length))); string myString5 = ""; string myString6 = ""; userLbl.Text = string1.Substring((string1.IndexOf(myString5) + myString5. Length), (string1.IndexOf(myString6) - (string1.IndexOf(myString5) + myString5. Length))); string myString7 = ""; string myString8 = ""; modTypeLbl.Text = string1.Substring((string1.IndexOf(myString7) + myString7 .Length), (string1.IndexOf(myString8) - (string1.IndexOf(myString7) + myString7. Length))); string myString9 = ""; string myString10 = ""; pathLbl.Text = string1.Substring((string1.IndexOf(myString9) + myString9. Length), (string1.IndexOf(myString10) - (string1.IndexOf(myString9) + myString9.
C:\Documents and Settings\Barrie\My ...\Projects\Event Viewer\Event Viewer\Form1.cs Length))); 2 string myString11 = ""; string myString12 = ""; hmacLbl.Text = string1.Substring((string1.IndexOf(myString11) + myString11. Length), (string1.IndexOf(myString12) - (string1.IndexOf(myString11) + myString11. Length))); hmacChecker(); } catch { MessageBox.Show("No Events Available to Display!","Error"); } } private void hmacChecker() { string string1 = Convert.ToString(lines[arrayItem]); string myString1 = ""; string myString2 = ""; string chkMessage = string1.Substring(string1.IndexOf(myString1), ((string1. IndexOf(myString2) + myString2.Length)- string1.IndexOf(myString1))); msgTxt.Text = chkMessage; } System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding(); byte[] keyByte = encoding.GetBytes(hmacTxt.Text); HMACSHA1 hmac = new HMACSHA1(keyByte); byte[] messageBytes = encoding.GetBytes(chkMessage); byte[] hashmessage = hmac.ComputeHash(messageBytes); hmacCheckLbl.Text = ByteToString(hashmessage); if (hmacCheckLbl.Text == hmacLbl.Text) hmacCheckLbl.Text += " : Hmac Passed!"; else hmacCheckLbl.Text += " : Hmac Failed!"; public static string ByteToString(byte[] buff) { string sbinary = ""; for (int i = 0; i < buff.Length; i++) { sbinary += buff[i].ToString("X2"); // hex format } return (sbinary); } private void nextBtn_Click(object sender, EventArgs e) { arrayItem++; if (arrayItem > lines.Count - 1) arrayItem = 0; LoadRecord(); } private void prevBtn_Click(object sender, EventArgs e) { arrayItem--; if (arrayItem < 0) arrayItem = lines.Count - 1; LoadRecord(); } } }
Page 1 and 2:
Analysis and Evaluation of the Wind
Page 3 and 4:
Barrie Codona, BSc (Hons) Network C
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50: Barrie Codona, BSc (Hons) Network C
Page 75 and 76: Appendix A: Diary Sheets
Page 77 and 78: NAPIER UNIVERSITY SCHOOL OF COMPUTI
Page 85 and 86: Appendix B: Preliminary Gantt Chart
Page 87 and 88: Nov '07 Dec '07 Jan '08 Feb '08 Mar
Page 89 and 90: C:\Documents and Settings\Barrie\My
Page 95 and 96: Appendix D: Server Application Code
Page 99: Appendix E: Event Viewer Code
Page 105 and 106: Appendix G: Processor Monitor Code
Page 107 and 108: Appendix H: HMAC Brute Force Cracke
Page 113 and 114: Appendix I: Windows Event Log Tests
Page 115 and 116: Copy Security Log C:\windows\system
Page 117 and 118: Another look at the Security Log re
Page 119 and 120: The Event Service is then restarted
Page 121 and 122: Another look at the ‘c:\windows\s
Page 123 and 124: CO42019 - Project 4 Computer Name P
Page 125 and 126: CO42019 - Project 4 Turned off the
Page 127 and 128: CO42019 - Project 4 And then restar
Page 129 and 130: CO42019 - Project 4 Modify the ‘l
Page 131 and 132: CO42019 - Project 4 Project - Week
Page 137 and 138: CO42019 - Project 4 As previously d
Page 139 and 140: CO42019 - Project 4 The screenshot
Page 141 and 142: CO42019 - Project 4 Displaying the
Page 143 and 144: CO42019 - Project 4 Modifying the r
Page 145 and 146: CO42019 - Project 4 Master File Tab
Page 147 and 148: CO42019 - Project 4 Modify the sect
Page 149 and 150: CO42019 - Project 4 Sectors 3748520
Page 151 and 152:
CO42019 - Project 4 This now shows
show all

Analysis and Evaluation of the Windows Event Log - Bill Buchanan

Create successful ePaper yourself

Delete template?

Save as template?