A survey on forensic investigation of operating system logs

Cited by: 26
Authors
Studiawan, Hudan [1 ]
Sohel, Ferdous [1 ]
Payne, Christian [1 ]
Affiliations
[1] Murdoch Univ, Discipline Informat Technol Math & Stat, Perth, WA, Australia
Keywords
Operating system logs; Event logs; Log forensics; Log tamper detection; Event correlation; Event reconstruction; Event anomaly; DIGITAL FORENSICS; RETRIEVING KNOWLEDGE; NETWORK FORENSICS; COMPUTER; FILES; RECONSTRUCTION; INCONSISTENCY; PROVENANCE; INTERNET; MODEL
DOI
10.1016/j.diin.2019.02.005
CLC classification
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics. (C) 2019 Elsevier Ltd. All rights reserved.
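The survey's keywords include log tamper detection, the problem of proving that an event log has not been edited, had entries removed, or been cut short after the fact. The following is an added example, not code from the survey or its authors: a minimal forward-secure hash chain over constructed syslog-style lines, with a verifier that reports which entry breaks the chain. It assumes the initial key K0 is held by the verifier off the logging host, that the host discards each per-entry key after use, and that the latest tag is periodically copied off-host; the sample log lines and key are made up for the demonstration.

```python
"""Hash-chained, forward-secure log tags with a tamper-detection check.

Added example (not from the surveyed paper). Assumptions: the verifier holds
the initial key K0 off-host, the host deletes each key after use, and the
most recent tag is periodically copied off-host as an anchor.
"""
import hashlib
import hmac

# Constructed syslog-style sample lines (not taken from any real system).
SAMPLE_LOG = [
    "Mar  3 10:01:12 host sshd[1203]: Accepted publickey for alice from 10.0.0.5 port 51022",
    "Mar  3 10:01:15 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 10:02:40 host sshd[1203]: Disconnected from user alice 10.0.0.5 port 51022",
]

K0 = b"verifier-held-initial-key-for-demo-only"  # assumption: never stored on the host
SEED = b"\x00" * 32  # tag "before" the first entry


def _next_key(key: bytes) -> bytes:
    # Forward-secure key evolution: K_{i+1} = SHA256(K_i). The host deletes K_i
    # after tagging entry i, so a later compromise cannot re-tag earlier entries.
    return hashlib.sha256(key).digest()


def build_chain(lines, key=K0, seed=SEED):
    """Tag each line with HMAC(K_i, prev_tag || line); returns [(line, tag_hex)]."""
    prev, out = seed, []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        out.append((line, tag.hex()))
        prev, key = tag, _next_key(key)
    return out


def verify_chain(entries, key=K0, seed=SEED, final_tag=None):
    """Return (ok, bad_index).

    bad_index is the first entry whose tag does not chain, or len(entries) when
    the chain is internally consistent but does not end at the off-host anchor
    final_tag (i.e. the tail was truncated). -1 means intact.
    """
    prev = seed
    for i, (line, tag_hex) in enumerate(entries):
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return False, i
        prev, key = expected, _next_key(key)
    if final_tag is not None and not hmac.compare_digest(prev.hex(), final_tag):
        return False, len(entries)
    return True, -1


def demo():
    """Run the verifier against the intact chain and three tampering scenarios."""
    chain = build_chain(SAMPLE_LOG)
    anchor = chain[-1][1]  # the tag that would have been copied off-host
    results = {"intact": verify_chain(chain, final_tag=anchor)}

    # 1. In-place edit of the sudo entry: its tag no longer matches -> index 1.
    edited = list(chain)
    edited[1] = (chain[1][0].replace("COMMAND=/bin/bash", "COMMAND=/bin/ls"), chain[1][1])
    results["edited"] = verify_chain(edited, final_tag=anchor)

    # 2. Deletion of the sudo entry: the next entry chains from the wrong
    #    predecessor and key -> index 1.
    deleted = [chain[0], chain[2]]
    results["deleted"] = verify_chain(deleted, final_tag=anchor)

    # 3. Truncation of the tail: the remaining chain is self-consistent, so only
    #    the off-host anchor catches it.
    truncated = chain[:2]
    results["truncated_no_anchor"] = verify_chain(truncated)
    results["truncated_anchor"] = verify_chain(truncated, final_tag=anchor)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>20}: ok={outcome[0]} bad_index={outcome[1]}")
```

The truncation case is the practical caveat: a hash chain alone says nothing about entries that were removed from the end, which is exactly what an intruder clearing their own tracks does, so the latest tag must leave the host (remote syslog, a TPM-backed counter, or a signed checkpoint) before the chain is of forensic use.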
Pages: 1-20
Number of pages: 20
Related papers
50 records in total
  • [21] ServerRCA: Root Cause Analysis for Server Failure using Operating System Logs
    Shi, Jiahao
    Jiang, Sihang
    Xu, Bo
    Xiao, Yanghua
    2023 IEEE 34TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING, ISSRE, 2023, : 486 - 496
  • [22] User and Device Tracking in Private Networks by Correlating Logs: A System for Responsive Forensic Analysis
    Chaudhari, Swati
    Chauhan, Hitendra
    Tomar, S. S.
    Rawat, Anil
    2014 FOURTH INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS AND NETWORK TECHNOLOGIES (CSNT), 2014, : 1142 - 1147
  • [23] Unsupervised Signature Extraction from Forensic Logs
    Thaler, Stefan
    Menkovski, Vlado
    Petkovic, Milan
    MACHINE LEARNING AND KNOWLEDGE DISCOVERY IN DATABASES, ECML PKDD 2017, PT III, 2017, 10536 : 305 - 316
  • [24] Modular robotic system for forensic investigation support
    Kowalski, Grzegorz
    Glowka, Jakub
    Macias, Mateusz
    Puchalski, Slawomir
    COUNTERTERRORISM, CRIME FIGHTING, FORENSICS, AND SURVEILLANCE TECHNOLOGIES, 2017, 10441
  • [25] Forensic Investigation of the OneSwarm Anonymous Filesharing System
    Prusty, Swagatika
    Levine, Brian Neil
    Liberatore, Marc
    PROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11), 2011, : 201 - 213
  • [26] DEPCOMM: Graph Summarization on System Audit Logs for Attack Investigation
    Xu, Zhiqiang
    Fang, Pengcheng
    Liu, Changlin
    Xiao, Xusheng
    Wen, Yu
    Meng, Dan
    43RD IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2022), 2022, : 540 - 557
  • [27] A System for Formal Digital Forensic Investigation Aware of Anti-Forensic Attacks
    Rekhis, Slim
    Boudriga, Noureddine
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2012, 7 (02) : 635 - 650
  • [28] Survey on Security of Robot Operating System ROS
    Lu, J.-J.
    Qin, Y.-C.
    Liu, Z.-Z.
    Tang, Z.
    Zhang, Y.-J.
    Li, K.-L.
    Ruan Jian Xue Bao/Journal of Software, 2024, 35 (02): : 1010 - 1027
  • [29] A secure operating system for data centers: A survey
    Ejaz, Sikandar
    Iqbal, Muhammad Javed
    Bibi, Hafsa
    Pervez, Shahbaz
    Al-Dhlan, Kawther A.
    Hosseini, Seyed Ebrahim
    INTERNATIONAL JOURNAL OF ADVANCED AND APPLIED SCIENCES, 2020, 7 (08): : 53 - 64
  • [30] A survey of operating system support for persistent memory
    Cai, Miao
    Huang, Hao
    Frontiers of Computer Science, 2021, (04) : 13 - 32