Analysis and Evaluation of the Windows Event Log - Bill Buchanan

More documents

Recommendations

Info

Barrie Codona, BSc (Hons) Network Computing, 2007 Figure 17 shows the pseudo code of the process that the application will go through for generating a large numbers of files. Using a For Loop it will continue to create files a predetermined number of times. Each of these files will also be uniquely numbered in their filename. Repeat the following ‘x’ number of times { Create a new file called ‘Sample’x’.txt’ in the test directory } Figure 17: Generate a large number of files pseudo code To provide some degree of error checking this can be slightly modified to perform a check to see if the file already exists. Figure 18 shows how the application will use the unique filename numbering to check if the file exists. This technique will also be used for automatically deleting and modifying the files. Repeat the following ‘x’ number of times { If file ‘Sample’x’.txt does not exist { Create a new file called ‘Sample’x’.txt’ in the test directory } } Figure 18: Generate files with error checking Figure 19 is a screenshot of the application; it provides an option for the tester to specify the number of events that they would like to generate, this can be any number. There are four main buttons that will be used for most of the testing, one for generating the text files, one for modifying the contents of the text files, one for renaming the text files and one for deleting the text files. The tester application also has a display window that outputs messages to the tester, this is used for informing the user when it has started and completed any tasks, it also informs the user when the ‘file counter’ has been changed and what value it is at. 39
Barrie Codona, BSc (Hons) Network Computing, 2007 4.9 Conclusion Figure 19: Tester application This chapter has identified the main components of software that will be developed as part of this project. All the components of the system will be created using C# and the .NET framework, as they provide Event logging, Performance monitoring and encryption classes, which this application makes extensive use of. Based upon the research that was done in the Literature Review and Evaluation of the Windows Event Log chapters it was decided that the application would use clientserver architecture. The client would be the event logger and the server would be the data archiving system. All the communications that take place will be encrypted and all the event s that are generated will be hashed. Also, a method for testing the performance, security and accuracy of the system was proposed. A program that would assist in the testing of the application was also designed; its main purpose is to generate a larger number of events in a very short period of time. This is to simulate the level of traffic that would be present on a corporate sever. 40
Page 1 and 2: Analysis and Evaluation of the Wind
Page 3 and 4: Barrie Codona, BSc (Hons) Network C
Page 39: Barrie Codona, BSc (Hons) Network C
Page 75 and 76: Appendix A: Diary Sheets
Page 77 and 78: NAPIER UNIVERSITY SCHOOL OF COMPUTI
Page 85 and 86: Appendix B: Preliminary Gantt Chart
Page 87 and 88: Nov '07 Dec '07 Jan '08 Feb '08 Mar
Page 89 and 90: C:\Documents and Settings\Barrie\My
Page 91 and 92:
C:\Documents and Settings\Barrie\My
Page 93 and 94:
Page 95 and 96:
Appendix D: Server Application Code
Page 97 and 98:
Page 99 and 100:
Appendix E: Event Viewer Code
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Appendix G: Processor Monitor Code
Page 107 and 108:
Appendix H: HMAC Brute Force Cracke
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Appendix I: Windows Event Log Tests
Page 115 and 116:
Copy Security Log C:\windows\system
Page 117 and 118:
Another look at the Security Log re
Page 119 and 120:
The Event Service is then restarted
Page 121 and 122:
Another look at the ‘c:\windows\s
Page 123 and 124:
CO42019 - Project 4 Computer Name P
Page 125 and 126:
CO42019 - Project 4 Turned off the
Page 127 and 128:
CO42019 - Project 4 And then restar
Page 129 and 130:
CO42019 - Project 4 Modify the ‘l
Page 131 and 132:
CO42019 - Project 4 Project - Week
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
CO42019 - Project 4 As previously d
Page 139 and 140:
CO42019 - Project 4 The screenshot
Page 141 and 142:
CO42019 - Project 4 Displaying the
Page 143 and 144:
CO42019 - Project 4 Modifying the r
Page 145 and 146:
CO42019 - Project 4 Master File Tab
Page 147 and 148:
CO42019 - Project 4 Modify the sect
Page 149 and 150:
CO42019 - Project 4 Sectors 3748520
Page 151 and 152:
CO42019 - Project 4 This now shows
show all

Analysis and Evaluation of the Windows Event Log - Bill Buchanan

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?