Title :
A Log Correlation Model to Support the Evidence Search Process in a Forensic Investigation
Author :
Herrerias, Jorge ; Gomez, Roberto
Author_Institution :
Dept. of Comput. Sci., ITESM-CEM, Mexico City
Abstract :
Computer forensics searches for evidence to reassemble the actions that led the system from a secure state to the moment an intrusion was detected. The main source of data for a forensic investigation is the information provided by log files. Log files are generated by applications to keep a record of the actions that occurred on the system. However, the massive amount of recorded events complicates the forensic investigation. This paper proposes a model composed of a set of agents that collect, filter, normalize, and correlate events coming from diverse log files. The purpose of the model is to assist the analyst in the evidence search process of a forensic investigation.
Keywords :
computer crime; computer forensics; evidence search process; forensic investigation; log correlation model; Application software; Computer science; Engines; Filters; Forensics; Information security; Internet; Intrusion detection; Operating systems; Registers;
Conference_Title :
Systematic Approaches to Digital Forensic Engineering, 2007. SADFE 2007. Second International Workshop on
Conference_Location :
Bell Harbor, WA
Print_ISBN :
0-7695-2808-2
Electronic_ISBN :
0-7695-2808-2
DOI :
10.1109/SADFE.2007.1