A survey on forensic investigation of operating system logs

Hudan Studiawan*, Ferdous Sohel, Christian Payne

*Corresponding author for this work

Research output: Contribution to journal, Review article, peer-review

35 Citations (Scopus)

Abstract

Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis of operating system logs. We present a taxonomy of the various techniques used in this area. Additionally, we discuss the tools that support the examination of event logs. This survey also reviews the publicly available datasets used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

Original language: English
Pages (from-to): 1-20
Number of pages: 20
Journal: Digital Investigation
Volume: 29
DOIs
Publication status: Published - Jun 2019
Externally published: Yes

Keywords

  • Event anomaly
  • Event correlation
  • Event logs
  • Event reconstruction
  • Log forensics
  • Log tamper detection
  • Operating system logs
