Sufficiency of Windows Event Log as Evidence in Digital Forensics

Authors: Nurdeen M. Ibrahim, Ameer Al-Nemrat, Hamid Jahankhani, Rabih Bashroush

DOI: 10.1007/978-3-642-33448-1_34

Abstract: The prevalence of computers and the internet has brought forth an increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. This research therefore centres on evidence, the legal standards applied to digital evidence presented in court, and the main sources of evidence in the Windows OS, such as the Registry, slack space and the event log. In order to achieve the aim of this research, cybercrime activities such as an automated password guessing attack and hacking were emulated on the OS within a virtual network environment set up using VMware Workstation. Afterwards, the logs on the victim system were analysed and assessed for admissibility (evidence must conform to certain rules) and weight (evidence must convince the court that the accused committed the crime).
