Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

中文翻译：

---

操作系统日志取证调查的调查

事件日志是法医调查最重要的数字证据来源之一，因为它们记录了系统中的基本活动。本文中，我们对操作系统日志的取证分析进行了全面的文献综述。我们介绍了此领域中使用的各种技术的分类法。此外，我们讨论了支持检查事件日志的工具。该调查还回顾了操作系统日志取证研究中使用的公共可用数据集。最后，我们建议有关操作系统日志取证的主题的潜在未来方向。