Analysis and Evaluation of the Windows Event Log - Bill Buchanan

More documents

Recommendations

Info

CO42019 – Project 4 The above screenshot shows the sectors of the SecEvent.Evt file Project – Week 5.doc Page 2 of 8
CO42019 – Project 4 Modify the sectors • Produce a pice of code that directly modifys the Hex Data contained with the drive secotrs. • This will bypass the file locking. • This process would be slower, as it would need to copy the entire log file, but would be harder to detect. Swap the pointers • Produce a piece of software that modifys the pointers to the cluster chains • This would bypass the file locking. • This process would be fast since it only has to change a coulpe of dozen Hex values, however, it would be easier to detect since the ‘new log’ cluster chains would start nearer to the end of the disc. Project – Week 5.doc Page 3 of 8
Page 1 and 2:
Analysis and Evaluation of the Wind
Page 3 and 4:
Barrie Codona, BSc (Hons) Network C
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Appendix A: Diary Sheets
Page 77 and 78:
NAPIER UNIVERSITY SCHOOL OF COMPUTI
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Appendix B: Preliminary Gantt Chart
Page 87 and 88:
Nov '07 Dec '07 Jan '08 Feb '08 Mar
Page 89 and 90:
C:\Documents and Settings\Barrie\My
Page 91 and 92:
Page 93 and 94:
Page 95 and 96: Appendix D: Server Application Code
Page 97 and 98: C:\Documents and Settings\Barrie\My
Page 99 and 100: Appendix E: Event Viewer Code
Page 105 and 106: Appendix G: Processor Monitor Code
Page 107 and 108: Appendix H: HMAC Brute Force Cracke
Page 113 and 114: Appendix I: Windows Event Log Tests
Page 115 and 116: Copy Security Log C:\windows\system
Page 117 and 118: Another look at the Security Log re
Page 119 and 120: The Event Service is then restarted
Page 121 and 122: Another look at the ‘c:\windows\s
Page 123 and 124: CO42019 - Project 4 Computer Name P
Page 125 and 126: CO42019 - Project 4 Turned off the
Page 127 and 128: CO42019 - Project 4 And then restar
Page 129 and 130: CO42019 - Project 4 Modify the ‘l
Page 131 and 132: CO42019 - Project 4 Project - Week
Page 137 and 138: CO42019 - Project 4 As previously d
Page 139 and 140: CO42019 - Project 4 The screenshot
Page 141 and 142: CO42019 - Project 4 Displaying the
Page 143 and 144: CO42019 - Project 4 Modifying the r
Page 145: CO42019 - Project 4 Master File Tab
Page 149 and 150: CO42019 - Project 4 Sectors 3748520
Page 151 and 152: CO42019 - Project 4 This now shows
show all

Analysis and Evaluation of the Windows Event Log - Bill Buchanan

Create successful ePaper yourself

Delete template?

Save as template?