Sufficiency of Windows Event log as Evidence in Digital Forensics

Ibrahim, Nurdeen and Al-Nemrat, Ameer and Jahankhani, Hamid and Bashroush, Rabih (2011) ‘Sufficiency of Windows Event log as Evidence in Digital Forensics’, Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3). Greece, August 2011.

Sufficiency of Windows Event log as Evidence in Digital Forensics2.pdf - Accepted Version
Available under License Creative Commons Attribution No Derivatives.

Abstract

The prevalence of computers and the internet has brought an increasing spate of cybercrime activity; hence the need for evidence to attribute a crime to a suspect. This research therefore centres on evidence, the legal standards applied to digital evidence presented in court, and the main sources of evidence in the Windows operating system, such as the Registry, slack space and the Windows event log. To achieve the main aim of this research, cybercrime activities such as an automated password guessing attack and hacking were emulated on a Windows operating system within a virtual network environment set up using VMware Workstation. After the attack, the event logs on the victim system were analysed and assessed for their admissibility (evidence must conform to certain legal rules) and weight (evidence must convince the court that the accused committed the crime).

Item Type: Conference or Event Item (Paper)
Additional Information: Citation: N. Ibrahim, A. Al-Nemrat, H. Jahankhani and R. Bashroush, “Sufficiency of Windows Event log as Evidence in Digital Forensics”, in Proceedings of the 7th International Conference on Global Security, Safety & Sustainability (ICGS3), Greece, August 2011.
Divisions: Schools > Architecture Computing and Engineering, School of
Depositing User: Rabih Bashroush
Date Deposited: 12 Apr 2012 22:52
Last Modified: 12 Oct 2012 14:00
URI: http://hdl.handle.net/10552/1536
