Windows Event Forensic Process - Advances in Digital Forensics X
Conference Papers, Year: 2014

Windows Event Forensic Process

Abstract

Event logs provide an audit trail that records user events and activities on a computer and are a potential source of evidence in digital forensic investigations. This paper presents a Windows event forensic process (WinEFP) for analyzing Windows operating system event log files. The WinEFP covers a number of relevant events that are encountered in Windows forensics. As such, it provides practitioners with guidance on the use of Windows event logs in digital forensic investigations.
Origin: Files produced by the author(s)

Dates and versions

hal-01393763 , version 1 (08-11-2016)

Cite

Quang Do, Ben Martini, Jonathan Looi, Yu Wang, Kim-Kwang Choo. Windows Event Forensic Process. 10th IFIP International Conference on Digital Forensics (DF), Jan 2014, Vienna, Austria. pp.87-100, ⟨10.1007/978-3-662-44952-3_7⟩. ⟨hal-01393763⟩