Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Barrie Codona, BSc (Hons) Network Computing, 2007

2 Literature Review

2.1 Introduction
The aim of this literature review is to present to the reader the current techniques and research being utilised and developed in the Log Management field, and how digital forensics is used to analyse these log files. It will also take a look at some of the techniques that are being used to disrupt a forensic investigation.

By identifying these techniques, it is intended that they will influence the design of the system that is to be developed, with the aim of improving the overall security and credibility of the Windows Event Logging system.
2.2 Digital Forensics
Crimes involving computers have increased dramatically over the last 10 years. This is because the cost of owning a computer and having an internet connection has decreased; therefore more people are buying computers, and more people are subsequently using the internet to facilitate their crimes. The Parliamentary Office of Science and Technology (Postnote, 2006) defines some types of computer crime as storing illegal images, copyright violations, phishing, denial of service attacks and creating viruses. As in the physical world, when a crime is committed there is always some form of evidence left behind; this is where digital forensics comes in.

Digital forensics is the science of extracting digital evidence from computers and other electronic devices “to aid the legal process” (Brown, 2006). According to Rogers (2005) of Purdue University, this is achieved by “identification, collection, examination and analysis” of the data contained on storage devices, with the aim of discovering incriminating digital information (Nair, 2006).
This section presents to the reader some of the techniques that are currently used during such an investigation and how the Windows event log would be used to assist an investigation by recreating a timeline of events.