Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
NAPIER UNIVERSITY<br />
SCHOOL OF COMPUTING<br />
PROJECT DIARY<br />
Student: Barrie Codona<br />
Supervisor: <strong>Bill</strong> <strong>Buchanan</strong><br />
Date: 19 th March 2008 Last diary date: 20 th February 2008<br />
Objectives:<br />
1. Convert all <strong>the</strong> event tags to an XML format.<br />
2. Encrypt <strong>the</strong> client server communication using RSA.<br />
3. Ensure that both <strong>the</strong> client <strong>and</strong> server applications are not missing any events that happen.<br />
Progress:<br />
1. A fairly trivial modification to <strong>the</strong> application, but one that will allow <strong>the</strong> outputted data to be more<br />
easily read by o<strong>the</strong>r applications. This is not formatted in true XML but it does use <strong>the</strong> opening <strong>and</strong><br />
closing tags for each string <strong>of</strong> information. For example <br />
2. Using <strong>the</strong> supplied sample code provided by <strong>Bill</strong>’s Advanced Security <strong>and</strong> Forensic Computing<br />
module, a test application was developed that would allow for <strong>the</strong> program to be reconstructed from<br />
a windows environment to a console one. It was also modified so that <strong>the</strong> public <strong>and</strong> private keys<br />
were automatically generated when a client connects to <strong>the</strong> server. The public key is <strong>the</strong>n sent to<br />
<strong>the</strong> server <strong>and</strong> allows for secure communication between <strong>the</strong>m both. This worked fine for small<br />
amounts <strong>of</strong> information being sent, but larger amounts caused <strong>the</strong> RSA function to crash, this was<br />
probably because <strong>the</strong> key being used was smaller than <strong>the</strong> message that is being sent – it was<br />
resolved by breaking <strong>the</strong> original message into smaller sections <strong>and</strong> <strong>the</strong>n encrypting each section<br />
<strong>and</strong> rebuilding <strong>the</strong> original message at <strong>the</strong> server. The next problem encountered was an “Invalid<br />
character” error in <strong>the</strong> decrypted string, after a lot <strong>of</strong> time investigating this it turned out to be <strong>the</strong><br />
size <strong>of</strong> <strong>the</strong> TCP packets were too small <strong>and</strong> some information was being dropped.<br />
3. A very simple application was developed that uses a ‘for loop’ to generate 1000 text files that are all<br />
sequentially numbered from 0 to 999. The event monitoring s<strong>of</strong>tware is started up <strong>and</strong> its logs are<br />
manually checked to ensure that it has captured all <strong>of</strong> <strong>the</strong>se events. Initially it failed to log all <strong>of</strong> <strong>the</strong><br />
events but this was easily sorted by increasing <strong>the</strong> buffer size that <strong>the</strong> ‘FileSystemWatcher’ uses.<br />
Supervisor’s Comments:<br />
Version 2<br />
Napier University
![Unit 5. Switches and VLANs [PDF]](https://img.yumpu.com/34422504/1/184x260/unit-5-switches-and-vlans-pdf.jpg?quality=85)
Change language