Title :
Log Analysis Towards an Automated Forensic Diagnosis System
Author :
Herrerias, J. ; Gomez, Raquel
Author_Institution :
Comput. Sci. Dept., Tecnol. de Monterrey, Zaragoza, Mexico
Abstract :
Computer forensics investigations are based on the evidence search process to determine the intruder's techniques and activities. Current tools are mainly focused on gathering evidence from the target system; however, analysing that evidence is a highly complicated task. In this paper, we present an Automated Forensic Diagnosis System composed of a Knowledge Attack Base and a series of log analysis processes that work together to reconstruct the attack actions after a security incident has occurred. The log analysis is carried out by an Event Correlation Module, which helps detect multi-step attacks as well as reduce the false positive rate. The goal is to assist the forensic investigator by reducing the time and complexity of the process.
Keywords :
computer forensics; knowledge based systems; system monitoring; automated forensic diagnosis system; computer forensics; event correlation module; false positive rate; knowledge attack base; log analysis; Availability; Computer science; Computer security; Correlation; Event detection; Forensics; Information analysis; Inspection; Proposals; Telecommunication traffic; computer forensics; event correlation; log analysis;
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.120