Analysis and Evaluation of the Windows Event Log - Bill Buchanan

More documents

Recommendations

Info

Barrie Codona, BSc (Hons) Network Computing, 2007 Figure 49: Event viewer application. ……………………………….…..….……… 60 Figure 50: Custom event log. ……………………………………………………… 60 Figure 51: Client XML string without HMAC. ……………..…………….……… 61 Figure 52: Client XML string with HMAC. …………………..…..……………… 61 Figure 53: HMAC test data. ……………………………………….……………… 61 Figure 54: HashCalc Screenshot. ………………………………….……………… 62 Figure 55: iFrame.in Hash Calculator. …………………………….……………… 63 Figure 56: Three character HMAC test data. ……………………………………… 64 Figure 57: HMAC brute force application. ……………………………...………… 64 Figure 58: Four character key HMAC test data. …………………………..……… 64 Figure 59: Found four character key. ……………………………………………… 64 Figure 60: HMAC key entropy. ………………………………………..….……… 65 Figure 61: Custom event log showing ‘SecEvent.Evt’. …………………………… 66 7
Barrie Codona, BSc (Hons) Network Computing, 2007 Acknowledgements I would like to thank Professor William Buchanan, for his invaluable guidance and support throughout this project. In addition, I would like to thank Dr Gordon Russell for being part of the marking process. 8
Page 1 and 2: Analysis and Evaluation of the Wind
Page 3 and 4: Barrie Codona, BSc (Hons) Network C
Page 7: Barrie Codona, BSc (Hons) Network C
Page 59 and 60:
Barrie Codona, BSc (Hons) Network C
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Appendix A: Diary Sheets
Page 77 and 78:
NAPIER UNIVERSITY SCHOOL OF COMPUTI
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Appendix B: Preliminary Gantt Chart
Page 87 and 88:
Nov '07 Dec '07 Jan '08 Feb '08 Mar
Page 89 and 90:
C:\Documents and Settings\Barrie\My
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Appendix D: Server Application Code
Page 97 and 98:
Page 99 and 100:
Appendix E: Event Viewer Code
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Appendix G: Processor Monitor Code
Page 107 and 108:
Appendix H: HMAC Brute Force Cracke
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Appendix I: Windows Event Log Tests
Page 115 and 116:
Copy Security Log C:\windows\system
Page 117 and 118:
Another look at the Security Log re
Page 119 and 120:
The Event Service is then restarted
Page 121 and 122:
Another look at the ‘c:\windows\s
Page 123 and 124:
CO42019 - Project 4 Computer Name P
Page 125 and 126:
CO42019 - Project 4 Turned off the
Page 127 and 128:
CO42019 - Project 4 And then restar
Page 129 and 130:
CO42019 - Project 4 Modify the ‘l
Page 131 and 132:
CO42019 - Project 4 Project - Week
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
CO42019 - Project 4 As previously d
Page 139 and 140:
CO42019 - Project 4 The screenshot
Page 141 and 142:
CO42019 - Project 4 Displaying the
Page 143 and 144:
CO42019 - Project 4 Modifying the r
Page 145 and 146:
CO42019 - Project 4 Master File Tab
Page 147 and 148:
CO42019 - Project 4 Modify the sect
Page 149 and 150:
CO42019 - Project 4 Sectors 3748520
Page 151 and 152:
CO42019 - Project 4 This now shows
show all

Analysis and Evaluation of the Windows Event Log - Bill Buchanan

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?