Digital Forensics

Modeling System Activity Logging for Evidence Collection

ABSTRACT

System activity logs create an ongoing history of chronologically ordered records that describe events taking place in a computing system. Although system activity logs were originally designed for performance monitoring and troubleshooting, they can be used to collect forensic evidence.  This paper develops a generic ‘technology-independent’ model of an event reporting service. The paper finds three key features that determine data collection capability – ‘event detection’, ‘event selection’ and ‘event description’. Design constraints in each of these features typically found in mainstream operating systems are identified and the limitations imposed on the forensic evidence collection capability of modern operating systems are discussed.

An Academic Approach to Digital Forensics

ABSTRACT

Digital forensics as a field of study creates a number of challenges when it comes to the academic environment. The aim of this paper is to explore these challenges in relation to learning and teaching theories. We discuss our approach and methods of educating digital forensic investigators based on the learning axioms and models, and we also present the learning environments we develop for our scholars.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com