A survey on forensic investigation of operating system logs

Hudan Studiawan*, Ferdous Sohel, Christian Payne

*Corresponding author for this work

Research output: Contribution to journalReview articlepeer-review

35 Citations (Scopus)


Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

Original languageEnglish
Pages (from-to)1-20
Number of pages20
JournalDigital Investigation
Publication statusPublished - Jun 2019
Externally publishedYes


  • Event anomaly
  • Event correlation
  • Event logs
  • Event reconstruction
  • Log forensics
  • Log tamper detection
  • Operating system logs


Dive into the research topics of 'A survey on forensic investigation of operating system logs'. Together they form a unique fingerprint.

Cite this