Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
AUSFORENSICS
2003
2003
ECF - Event Correlation for Forensics
The focus of the research described in this paper is on the nature of the event information provided in commonly available computer and other logs and the extent to which it is possible to correlate such event information despite its heterogeneous nature and origins. The strategic purpose of the research has been to develop a means by which a consolidated repository of such information can be constituted and then queried in order to provide an investigator with post hoc event correlation for forensics purposes (ECF). The paper provides an account of the log processing techniques utilized, and the nature of the database and query engine that have been developed in our current prototype and two examples of scenarios investigated and identified by the current prototype. Keywords Event correlation, computer forensics, logs, events, heterogeneous event logs
Real-time TrafficAUSFORENSICS 2003 | Event Correlation | Event Information | Forensic Engineering | Hoc Event Correlation |
Related Content
| Added | 31 Oct 2010 |
| Updated | 31 Oct 2010 |
| Type | Conference |
| Year | 2003 |
| Where | AUSFORENSICS |
| Authors | George M. Mohay, Kevin Chen, Andrew Clark |
Comments (0)
Researcher Info
|
