Digital Investigation (IF 2.860). Pub Date: 2019-03-04. DOI: 10.1016/j.diin.2019.02.005. Hudan Studiawan, Ferdous Sohel, Christian Payne
Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis of operating system logs. We present a taxonomy of the various techniques used in this area. Additionally, we discuss the tools that support the examination of event logs. This survey also reviews the publicly available datasets used in operating system log forensics research. Finally, we suggest potential future directions for the topic of operating system log forensics.
Title (translated from the Chinese version of this record): A survey on forensic investigation of operating system logs