论文信息 - Sufficiency of Windows Event Log as Evidence in Digital Forensics

Sufficiency of Windows Event Log as Evidence in Digital Forensics

The prevalence of computer and the internet has brought forth the increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. The research therefore, centres on evidence, the legal standards applied to digital evidence presented in court and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as automated password guessing attack and hacking was emulated on to a Windows OS within a virtual network environment set up using VMware workstation. After the attack the event logs on the victim system was analysed and assessed for its admissibility (evidence must conform to certain legal rules), and weight (evidence must convince the court that the accused committed the crime).

Rabih Bashroush | Hamid Jahankhani | Ameer Al-Nemrat | Nurdeen M. Ibrahim

[1] Yun Wang,et al. Foundations of computer forensics: A technology for the fight against computer crime , 2005, Comput. Law Secur. Rev..

[2] Deepak Singh Tomar,et al. A Practical Approach for Evidence Gathering in Windows Environment , 2010 .

[3] R. Jones,et al. Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet , 2003, Int. J. Law Inf. Technol..

[4] Shiuh-Jeng Wang,et al. Measures of retaining digital evidence to prosecute computer-based cyber-crimes , 2007, Comput. Stand. Interfaces.

[5] Friedrich-Ebert-Allee. Introducing the Microsoft Vista event log file format , 2022 .

[6] Erin Kenneally. Digital logs - proof matters , 2004, Digit. Investig..

[7] Peter Sommer,et al. Intrusion detection systems as evidence , 1999, Comput. Networks.

[8] Abdul Azim Abd Ghani,et al. Advances in computer forensics , 2008 .

[9] Chad Steel. Windows Forensics: The Field Guide for Corporate Computer Investigations , 2006 .