ECF - Event Correlation for Forensics
Authors
Abstract
The focus of the research described in this paper is on the nature of the event information provided in commonly available computer and other logs and the extent to which it is possible to correlate such event information despite its heterogeneous nature and origins. The strategic purpose of the research has been to develop a means by which a consolidated repository of such information can be constituted and then queried in order to provide an investigator with post hoc event correlation for forensics purposes (ECF). The paper provides an account of the log processing techniques utilized, the nature of the database and query engine developed in our current prototype, and two examples of scenarios investigated and identified by that prototype.
Similar sources
Automated Windows event log forensics
This paper proposes methods to automate recovery and analysis of Windows NT5 (XP and 2003) event logs for computer forensics. Requirements are formulated and methods are evaluated with respect to motivation and process models. A new, freely available tool is presented that, based on these requirements, automates the repair of a common type of corruption often observed in data carved NT5 event l...
Rich Event Representation for Computer Forensics
Recent advances in computer internetworking and continued increases in Internet usage have been accompanied by a continued increase in the incidence of computer related crime. At the same time, the number of sources of potential evidence in any particular computer forensic investigation has grown considerably, as evidence of the occurrence of relevant events can potentially be drawn not only fr...
Generalising Event Forensics Across Multiple Domains
In cases involving computer related crime, event oriented evidence such as computer event logs, and telephone call records are coming under increased scrutiny. The amount of technical knowledge required to manually interpret event logs encompasses multiple domains of expertise, ranging from computer networking to forensic accounting. Automated methods of classifying events and patterns of event...
A Spatiotemporal Event Correlation Approach to Computer Security
Correlation is a recognized technique in security to improve the effectiveness of threat identification and analysis process. Existing correlation approaches mostly focus on correlating temporally located events, or combining alerts from multiple intrusion detection systems. Such approaches either generate high false alarm rates due to single host activity changes, or fail to detect stealthy at...
ECF micropump fabricated by electroforming with novel self-aligned micro-molding technology
This paper proposes and presents a novel ECF (electro-conjugate fluid) micropump with TPSEs (triangular prism and slit electrode pair) fabricated by electroforming process using newly developed self-aligned micro molds. ECF is a kind of functional and dielectric fluid. ECF micropump is based on the principle of ECF jet, which is a powerful and active jet flow generated between electrodes immerg...