An Automated Log Analyzer for Digital Forensics Investigation

Article Sidebar

JIST Vol2. No1.
pdf
Published: Jun 27, 2011
DOI: https://doi.org/10.14456/jist.2011.4
Keywords:
Network forensics log analysis digital forensics intrusion detection

Main Article Content

มงคล พิรารักษ์
Faculty of Information Science and Information Technology, Mahanakorn University of Technology
ศุภกร กังพิศดาร
Faculty of Information Science and Information Technology, Mahanakorn University of Technology

Abstract

- In this paper, we propose a study and development of an automated log analyzer in order to acquire critical evidence of crime and find potential suspects. We analyze several existingnetwork forensics models and propose a new model for automated log analyzer that can provide andsummarize necessary evidence. We create a prototype of the proposed model. The results of ourimplementation show that the proposed model can assist users analyze and report evidence for forensics investigation.

Article Details

How to Cite
[1]
พิรารักษ์ ม. and กังพิศดาร ศ., “An Automated Log Analyzer for Digital Forensics Investigation”, JIST, vol. 2, no. 1, pp. 31–40, Jun. 2011.
Issue
Vol. 2 No. 1 (2011): Journal of Information Science and Technology (JIST) [Jan. 2011 - Jun. 2011]
Section
Research Article: Soft Computing (Detail in Scope of Journal)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

I/we certify that I/we have participated sufficiently in the intellectual content, conception and design of this work or the analysis and interpretation of the data (when applicable), as well as the writing of the manuscript, to take public responsibility for it and have agreed to have my/our name listed as a contributor. I/we believe the manuscript represents valid work. Neither this manuscript nor one with substantially similar content under my/our authorship has been published or is being considered for publication elsewhere, except as described in the covering letter. I/we certify that all the data collected during the study is presented in this manuscript and no data from the study has been or will be published separately. I/we attest that, if requested by the editors, I/we will provide the data/information or will cooperate fully in obtaining and providing the data/information on which the manuscript is based, for examination by the editors or their assignees. Financial interests, direct or indirect, that exist or may be perceived to exist for individual contributors in connection with the content of this paper have been disclosed in the cover letter. Sources of outside support of the project are named in the cover letter.
I/We hereby transfer(s), assign(s), or otherwise convey(s) all copyright ownership, including any and all rights incidental thereto, exclusively to the Journal, in the event that such work is published by the Journal. The Journal shall own the work, including 1) copyright; 2) the right to grant permission to republish the article in whole or in part, with or without fee; 3) the right to produce preprints or reprints and translate into languages other than English for sale or free distribution; and 4) the right to republish the work in a collection of articles in any other mechanical or electronic format.
We give the rights to the corresponding author to make necessary changes as per the request of the journal, do the rest of the correspondence on our behalf and he/she will act as the guarantor for the manuscript on our behalf.
All persons who have made substantial contributions to the work reported in the manuscript, but who are not contributors, are named in the Acknowledgment and have given me/us their written permission to be named. If I/we do not include an Acknowledgment that means I/we have not received substantial contributions from non-contributors and no contributor has been omitted.

References

1. E. S. Pilli, R. C. Joshi, and R. Niyogi. Network Forensic Framework: Survey and Research Challenges. Digital Investigation (2010), doi:10.1016/j.diin.2010.02.003..

2. C. Lin, L. Zhitang, and G. Cuixia. Automated Analysis of Multi-source Logs for Network Forensics. 2009 First International Workshop on Education Technology and Computer Science.

3. B. J. Nikkel. Generalizing Sources of Live Network Evidence. Digital Investigation (2005) 2, 193-200..

4. Bruce J. Nikkel. A portable network forensic evidence collector. Digital investigation (2006) 3, 127–135.

5. Hou Ming, Shen LiZhong. A New System Design of Network Invastion Forensics. 2009 Second International Conference on Computer and Electrical Engineering.

6. ณัฐพล กิตติรุ่งเรือง, พงษ์สุรีย์ ลิTมมณีวิจิตร, ศุภกรกังพิศดาร.การออกแบบและพัฒนาล็อคเซิร์ฟเวอร์สำหรับระบบปฎิบัติการวินโดวส์

7. Tcpdump, http://www.tcpdump.org/

8. Wireshark, http://www.wireshark.org/

9. pads, http://www.mentor.com/products/pcb-systemdesign/design-flows/pads/

10. Sebek, http://www.honeynet.org/project/sebek

11. ntop, http://www.ntop.org/news.php

12. P0f, http://freshmeat.net/projects/p0f/

13. Bro, http://www.bro-ids.org/

14. Snort, http://www.snort.org/

15. TCPFlow,http://www.circlemud.org/jelson/software/tcpflow

16. NfDump, http://sourceforge.net/projects/nfdump/

17. TCPReplay, http://tcpreplay.synfin.net/trac/

18. Flow-tools, http://www.splintered.net/sw/flow-tools

19. AES (Advanced Encryption Standard),http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

20. SHA-1, http://en.wikipedia.org/wiki/SHA-1

21. Base64, http://en.wikipedia.org/wiki/Base64