Abstract
The prevalence of computers and the internet has brought an increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. This research therefore centres on evidence, the legal standards applied to digital evidence presented in court, and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. To achieve the main aim of this research, cybercrime activities such as an automated password-guessing attack and hacking were emulated against a Windows OS within a virtual network environment set up using VMware Workstation. After the attack, the event logs on the victim system were analysed and assessed for their admissibility (evidence must conform to certain legal rules) and weight (evidence must convince the court that the accused committed the crime).
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ibrahim, N.M., Al-Nemrat, A., Jahankhani, H., Bashroush, R. (2012). Sufficiency of Windows Event Log as Evidence in Digital Forensics. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds) Global Security, Safety and Sustainability & e-Democracy. e-Democracy ICGS3 2011 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33448-1_34
DOI: https://doi.org/10.1007/978-3-642-33448-1_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33447-4
Online ISBN: 978-3-642-33448-1
eBook Packages: Computer Science, Computer Science (R0)