Analysis and Evaluation of the Windows Event Log - Bill Buchanan
NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Barrie Codona
Supervisor: Bill Buchanan
Date: 14th December 2007 Last diary date: 7th December 2007
Objectives:
1. Continue work on an introduction for the project.
Progress:
1. Work has continued on the Introduction for the project, and it is almost complete. It starts off with the initial sentence that was supplied in the project handbook, “The Windows event log is used in digital forensic cases…”, and then gives a couple of examples of where it has been used in digital forensic cases. It then introduces the reader to some of the security vulnerabilities of the event logging service. The report then provides some background information about the event log and that, according to Microsoft, it was designed to be used as a diagnostic tool. An example of how a logging server would be set up in a corporate environment is given; this involves having the log server connected directly, via a firewall, to a domain controller using a second NIC in the server. The report then introduces the design flaws that are in the event logging service and how more accurate information, with regard to the current state of the system, needs to be captured.
Supervisor’s Comments:
Version 2
Napier University