Overview of Project Content and Milestones
The event log within Windows is not dependable from a forensics point of view: its messages are often difficult to interpret, and users of a machine can easily modify or delete it. This project aims to determine the weaknesses of the event log and to propose a method of recording actions and events on a host, so that the record provides effective forensic information.
The Main Deliverable(s)
Investigation of event log within Windows, including its weaknesses.
Design and implementation of an event logging system, which monitors key activities on a system.
Design and implementation of a verifiable event system, which can only be viewed or modified by authenticated users.
Evaluation of the system in terms of key metrics, such as system performance and the quality of the information provided.
The Target Audience for the Deliverable(s)
Security systems.
e-Forensic applications.
The Work to be Undertaken
Investigation of event logs.
Design and implementation of an effective event logger.
Design and implementation of authentication for reading/modifying event logs.
Evaluation of the performance of the system in terms of key metrics, such as log size, system overhead, and so on.
Additional Information / Knowledge Required
The project will use the .NET framework with C#, and training and support will be provided.
Information Sources that Provide a Context for the Project
1. Event logging in .NET. http://www.codeproject.com/csharp/custwineventloggerapp.asp
2. James C. Reynolds, Lawrence A. Clough (2003), Continual repair for Windows using the event log, Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems, in association with the 10th ACM Conference on Computer and Communications Security.
3. NetForensics, "NetForensics," http://www.netforensics.com/, 2003.
4. Jonathon Abbott, Jim Bell, Andrew Clark, Olivier De Vel, George Mohay (2006), Computer forensics (CF): Automated recognition of event scenarios for digital forensics, Proceedings of the 2006 ACM Symposium on Applied Computing (SAC '06), April 2006.
The Importance of the Project
Effective tracking of events is important in tracing activities, such as the propagation of a virus or the debugging of a fault in a software application. This project will provide a more dependable event-logging system, especially focused on certain activities.
The Key Challenge(s) to be Overcome
The major challenges are the hooking of events in Windows and the secure storage of the recorded information.