Role Of Security Audits On Computer Forensics

Role of Security Audit Logs in Computer Forensics

Sanjeev Shrestha
Dept. Computer Science, University of Idaho

Abstract

A large number of real-world applications use audit trails or logs to keep track of system usage and error-handling information. The security of these log files, and their retrieval from an untrusted machine, is a topic of vital importance in computer forensics investigation [2, 3]. Accurate retrieval of data from these log files for gathering information is another important aspect of computer forensics [4]. In this paper, we look at the research on securing log files in an unsafe environment. The paper will further look into how data is indexed and retrieved from…
1.2 Organization of Content in Paper

The rest of the paper is organized into the following sections. In section 2, we give a brief outline of the approaches for securing both the audit log files and the audit log server, along with other security mechanisms. The third section includes a brief study of how we can index and retrieve the data for a forensic investigation, which may be quite essential in a fast-paced criminal investigation. The fourth section discusses in depth the use of the valuable information uncovered using log files and how it can help us find important patterns.

2. Description of Alternative Approaches

In this paper, mainly two ideas to secure the information in audit logs are described. The first approach is to secure only the audit files from an attacker, such that even if the machine is compromised, the attacker obtains no or very little knowledge from the existing log entries and is not able to plant false information in the log file itself. The second approach is more concerned with securing the log server itself, using encryption as well as dynamic IP techniques. Both methods are described in detail below.

2.1 Securing the Audit Logs

The audit log servers are differentiated into three different entities: the Untrusted Machine, the Trusted Machine and
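As an added illustration of the first approach (this is example code written for this page, not the paper's own scheme): the untrusted machine keeps only the current key A_j, encrypts each entry with a key derived from A_j, chains the entries with a hash and a MAC, then ratchets A_j forward and discards it, so an attacker who later compromises the machine can neither read nor silently rewrite earlier entries; the trusted machine holds A_0 and replays the ratchet to verify. The key names, the toy stream cipher and the sample entries are constructed for the example.

```python
import hashlib
import hmac

# Constructed example (not from the paper): a forward-secure audit log in the
# style of the paper's first approach. The untrusted machine holds only the
# current key A_j; after each entry it derives A_{j+1} and forgets A_j, so an
# attacker who compromises the machine later cannot recover keys for earlier
# entries. The trusted machine keeps A_0 and can recompute every key.

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher: SHA-256 counter keystream (use AES-GCM in practice).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _h(key, i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class UntrustedLogger:
    def __init__(self, a0: bytes):
        self.a = a0            # current key A_j; A_0 was issued by the trusted machine
        self.y = b"\x00" * 32  # running hash chain Y_j
        self.entries = []      # (ciphertext, Y_j, Z_j) triples

    def append(self, message: bytes) -> None:
        k = _h(b"encrypt", self.a)                  # per-entry encryption key
        c = _xor_stream(k, message)
        self.y = _h(self.y, c)                      # extend the hash chain
        z = hmac.new(self.a, self.y, hashlib.sha256).digest()  # MAC of chain head
        self.entries.append((c, self.y, z))
        self.a = _h(b"ratchet", self.a)             # evolve the key; A_j is gone

def verify_and_decrypt(a0: bytes, entries) -> list:
    # Trusted machine: replays the key ratchet and checks every link.
    a, y, out = a0, b"\x00" * 32, []
    for c, y_j, z_j in entries:
        y = _h(y, c)
        if y != y_j or not hmac.compare_digest(z_j, hmac.new(a, y, hashlib.sha256).digest()):
            raise ValueError("audit log tampered")
        out.append(_xor_stream(_h(b"encrypt", a), c))
        a = _h(b"ratchet", a)
    return out
```

Modifying an earlier ciphertext breaks both the hash chain and the MAC computed under the already-discarded key, so the verifier rejects the log.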
