Windows Event Forensic Process - Advances in Digital Forensics X
Conference Papers Year : 2014

Windows Event Forensic Process

Abstract

Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Fichier principal
Vignette du fichier
978-3-662-44952-3_7_Chapter.pdf (789.56 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01393763 , version 1 (08-11-2016)

Licence

Identifiers

Cite

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩
198 View
4982 Download

Altmetric

Share

More