Introducing and Analysis of the Windows 8 Event Log for Forensic Purposes

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 8915)

Abstract

All operating systems employ some form of logging mechanism to track and record user activity, and Microsoft Windows is no exception. Log analysis is one of the important parts of the Windows forensics process. The Windows event log system was introduced in Windows NT as a new feature of the Microsoft Windows family and has since gone through several major changes and updates. The event log received a major update in Windows 8. This paper first introduces the Windows 8 event log format and then explains methods for analyzing the logs for digital investigation and incident handling. The main contributions of this paper are the introduction of the Windows 8 logging service and its forensic examination.

Author information

Correspondence to Ali Dehghantanha.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Talebi, J., Dehghantanha, A., Mahmoud, R. (2015). Introducing and Analysis of the Windows 8 Event Log for Forensic Purposes. In: Garain, U., Shafait, F. (eds) Computational Forensics. IWCF 2012, IWCF 2014. Lecture Notes in Computer Science, vol 8915. Springer, Cham. https://doi.org/10.1007/978-3-319-20125-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-20125-2_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-20124-5

  • Online ISBN: 978-3-319-20125-2

  • eBook Packages: Computer Science (R0)