Title :
Exemplifying Attack Identification and Analysis in a Novel Forensically Viable Syslog Model
Author :
Monteiro, Steena Dominica Steven ; Erbacher, Robert F.
Author_Institution :
Dept. of Comput. Sci., Utah State Univ., Logan, UT
Abstract :
This research builds on our method for validating syslog entries proposed in [5]. The goal of the proposed method is to allow syslog files to be forensically viable. The goal with this phase of the work is to implement the proposed method and evaluate the forensic validity of the method under real-world conditions. This paper discusses that implementation and the ability for the generated authentication logs and access fingerprints to both identify malicious activity and identify the source of this activity. While work has been done to develop secure log files, i.e., making them tamper resistant, there has been no prior work to ensure they are forensically valid.
Keywords :
computer crime; message authentication; Syslog model; authentication log; computer forensic; Authentication; Computer networks; Computer science; Digital forensics; Drives; Fingerprint recognition; Frequency; Guns; Protocols; Security; Digital Forensics; Forensic Validity; Syslog Authentication;
Conference_Title :
Systematic Approaches to Digital Forensic Engineering, 2008. SADFE '08. Third International Workshop on
Conference_Location :
Oakland, CA
Print_ISBN :
978-0-7695-3171-7
DOI :
10.1109/SADFE.2008.14