An analysis of Microsoft event logs

Microsoft Windows event logs are central to an investigation that must determine whether malware has been installed on a targeted system. However, little substantial research existed on Windows event logs and how they are used in an investigation. This research examines the forensic artifacts that the event logs yield during an investigation and how they indicate malware activity. It describes the relevance of the event logs and discusses the techniques investigators use to collect and examine them. Three malware samples, Fizzer, Zeus, and MyDoom, were installed and run in virtual machines to determine which events they write to the logs. The research also sets out best practices for using Windows event logs in an investigation.
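To make the collection-and-examination step concrete, the following is an added Python example that is not part of the thesis or its experiments. It triages a small constructed export of Windows event records in the XML shape that `wevtutil qe <log> /f:xml` produces (wrapped in a root element so a parser accepts it) and flags the records an investigator looks at first when asking whether something was installed on the host. The event IDs are the Vista-and-later ones (7045 service installed, 4688 process created, 4698 scheduled task created, 1102 and 104 log cleared); the directory list, the host name, the paths and the timestamps are assumptions for illustration only.

```python
"""Triage an exported set of Windows event records for signs of malware
installation.  Added example, not code from the thesis.  The export below is
constructed by hand in the XML shape of `wevtutil qe <log> /f:xml` output."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Directories a service or process is rarely launched from legitimately; a sample
# installing itself usually drops into one of these (assumption: tune per site).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\downloads\\")

# Event IDs that matter for "was something installed here?" and the channel in
# which that ID carries that meaning (the same number means something else
# in another channel).
RULES = {
    7045: ("System", "new service installed"),
    4688: ("Security", "process created"),
    4698: ("Security", "scheduled task created"),
    1102: ("Security", "audit log cleared"),
    104:  ("System", "event log cleared"),
}

# Constructed sample export: one benign process start, then a process start and a
# service install from a Temp directory, then the Security log being cleared.
SAMPLE_EXPORT = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4688</EventID>
  <TimeCreated SystemTime="2014-03-01T10:14:40.000Z"/><Channel>Security</Channel>
  <Computer>LAB-VM1</Computer></System>
 <EventData><Data Name="SubjectUserName">lab</Data>
  <Data Name="NewProcessName">C:\Windows\System32\notepad.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4688</EventID>
  <TimeCreated SystemTime="2014-03-01T10:15:00.000Z"/><Channel>Security</Channel>
  <Computer>LAB-VM1</Computer></System>
 <EventData><Data Name="SubjectUserName">lab</Data>
  <Data Name="NewProcessName">C:\Users\lab\AppData\Local\Temp\fizz.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Service Control Manager"/><EventID Qualifiers="16384">7045</EventID>
  <TimeCreated SystemTime="2014-03-01T10:15:02.000Z"/><Channel>System</Channel>
  <Computer>LAB-VM1</Computer></System>
 <EventData><Data Name="ServiceName">svchost32</Data>
  <Data Name="ImagePath">C:\Users\lab\AppData\Local\Temp\svchost32.exe</Data>
  <Data Name="StartType">auto start</Data><Data Name="AccountName">LocalSystem</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Eventlog"/><EventID>1102</EventID>
  <TimeCreated SystemTime="2014-03-01T10:20:00.000Z"/><Channel>Security</Channel>
  <Computer>LAB-VM1</Computer></System>
 <UserData><LogFileCleared><SubjectUserName>lab</SubjectUserName></LogFileCleared></UserData>
</Event>
</Events>"""


@dataclass
class Finding:
    event_id: int
    time: str
    computer: str
    reason: str
    detail: str


def _text(el, path):
    found = el.find(path, NS)
    return (found.text or "") if found is not None else ""


def _data(event, name):
    """Value of <EventData><Data Name=name>, or '' when the record lacks it."""
    for d in event.findall("e:EventData/e:Data", NS):
        if d.get("Name") == name:
            return d.text or ""
    return ""


def parse_events(xml_text):
    return ET.fromstring(xml_text).findall("e:Event", NS)


def triage(xml_text):
    """Return the records worth a second look, oldest first."""
    findings = []
    for ev in parse_events(xml_text):
        eid = int(_text(ev, "e:System/e:EventID"))
        if eid not in RULES:
            continue
        channel, label = RULES[eid]
        if _text(ev, "e:System/e:Channel") != channel:
            continue
        tc = ev.find("e:System/e:TimeCreated", NS)
        when = tc.get("SystemTime", "") if tc is not None else ""
        host = _text(ev, "e:System/e:Computer")
        if eid in (7045, 4688):
            image = _data(ev, "ImagePath" if eid == 7045 else "NewProcessName")
            if any(p in image.lower() for p in USER_WRITABLE):
                detail = f"{_data(ev, 'ServiceName')} -> {image}" if eid == 7045 else image
                findings.append(Finding(eid, when, host, label + " from user-writable path", detail))
        elif eid == 4698:
            findings.append(Finding(eid, when, host, label, _data(ev, "TaskName")))
        else:  # 1102 / 104: clearing a log is itself the finding; who did it sits in <UserData>
            findings.append(Finding(eid, when, host, label, ""))
    return sorted(findings, key=lambda f: f.time)


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"{f.time} {f.computer} {f.event_id} {f.reason}: {f.detail}")
```

On a live host the logs would first be preserved, for example with `wevtutil epl Security C:\case\Security.evtx`, hashed, and then read from the copy with `wevtutil qe C:\case\Security.evtx /lf:true /f:xml`, so the triage runs on evidence rather than on a log that keeps changing. The rules are deliberately a first pass: a 1102 says the log was cleared but not what was lost, and 4688 carries the command line only when that audit option is enabled, so anything flagged here still has to be corroborated against the other artifacts the thesis discusses.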
