Complexity Analysis of Retrieving Knowledge from Auditing Log Files for Computer and Network Forensics and Accountability

The behavior of users in a computer or a computer network can be observed by system authorities through logs of all their actions. Suppose that, at some point, the content of a secret file is already known to have leaked. To determine how the leak happened, we can search part or all of the log files for direct and indirect accesses to the file. A user who accessed the secret earlier may have passed it on to other users, via packets in a computer network or via a pipe, FIFO, message queue, or similar mechanism within a single computer system; the secret then leaks through indirect accesses, so finding the cause of the leak is not a trivial task. In this paper, we analyze and simulate the complexity of retrieving knowledge from the computer and network auditing log database for forensics and accountability.
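The direct/indirect access search the abstract describes can be made concrete as a time-ordered taint propagation over the audit log: a user is possibly exposed if they read the secret file, or if they received a message from an already-exposed user after that user became exposed. The following is an added illustration, not code from the paper; the log format (`timestamp event actor target`) and the sample log lines are constructed for the example, and the single-pass algorithm is one simple approach (linear in the number of events once they are sorted by time), not the authors' method.

```python
from collections import OrderedDict

# Constructed sample audit log (not from the paper).
# Each line: <timestamp> <event> <actor> <target>
#   read  <user> <file>   -- user read the file
#   send  <user> <user>   -- first user sent a message/packet/pipe write to the second
SAMPLE_LOG = """\
1 read alice secret.txt
2 send alice bob
3 send bob carol
4 read dave secret.txt
5 send erin frank
6 send carol alice
7 send bob erin
8 read mallory notes.txt
"""


def parse_log(text):
    """Parse the constructed log format into (ts, kind, actor, target) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, actor, target = line.split()
        events.append((int(ts), kind, actor, target))
    # Sorting by timestamp is what makes the single pass below sound:
    # a message only propagates exposure if it was sent after the sender was exposed.
    events.sort(key=lambda e: e[0])
    return events


def trace_exposure(events, secret):
    """Return an ordered dict: user -> (time_exposed, source).

    source is None for a direct read of the secret, otherwise the user who
    sent the message that (possibly) carried it. Exposure is recorded the
    first time it can be established; later events never revoke it.
    This is a conservative over-approximation: every message from an exposed
    user is treated as potentially carrying the secret.
    """
    exposed = OrderedDict()
    for ts, kind, actor, target in events:
        if kind == "read" and target == secret and actor not in exposed:
            exposed[actor] = (ts, None)                 # direct access
        elif kind == "send" and actor in exposed and target not in exposed:
            exposed[target] = (ts, actor)               # indirect access
    return exposed


def exposure_chain(exposed, user):
    """Follow the recorded sources back to the direct read that started the chain."""
    chain = []
    while user is not None:
        chain.append(user)
        user = exposed[user][1]
    return list(reversed(chain))


if __name__ == "__main__":
    exposed = trace_exposure(parse_log(SAMPLE_LOG), "secret.txt")
    for user, (ts, src) in exposed.items():
        how = "direct read" if src is None else f"message from {src}"
        print(f"t={ts}: {user} possibly exposed via {how}; chain {exposure_chain(exposed, user)}")
```

On the sample log, `frank` is not flagged even though `erin` messaged him, because that message (t=5) predates `erin`'s own exposure (t=7); the ordering check is what keeps the result from ballooning into everyone who ever communicated. Dropping timestamps would turn the problem into plain reachability in the communication graph, which is cheaper but far noisier for an investigator.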