Reconsidering data logging in light of digital forensics

Bin Hui Chou; Kenichi Takahashi; Yoshiaki Hori; Kouichi Sakurai

doi:10.1007/978-3-642-02633-1_15

Reconsidering data logging in light of digital forensics

Bin Hui Chou, Kenichi Takahashi, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Logs record the events that have happened within in a system so they are considered the history of system activities. They are one of the objects that digital forensic investigators would like to examine when a security incident happens. However, logs were initially created for trouble shooting, and are not purposefully designed for digital forensics. Thus, enormous and redundant log data make analysis tasks complicated and time-consuming to find valuable information, and make logging-related techniques difficult utilized in some systems such as embedded systems. In this paper, we reconsider a data logging mechanism in terms of forensics and consequently, we propose purpose-based forensic logging. In purpose-based forensic logging, we only collect the required logs according to a specific purpose, which could decrease the space that logs occupy and may mitigate the analysis tasks during forensic investigations.

Original language	English
Title of host publication	Advances in Information Security and Its Application
Subtitle of host publication	Third International Conference, ISA 2009, Proceedings
Publisher	Springer Verlag
Pages	111-118
Number of pages	8
ISBN (Print)	9783642026324
DOIs	https://doi.org/10.1007/978-3-642-02633-1_15
Publication status	Published - 2009

Publication series

Name	Communications in Computer and Information Science
Volume	36
ISSN (Print)	1865-0929

All Science Journal Classification (ASJC) codes

Computer Science(all)
Mathematics(all)

Access to Document

10.1007/978-3-642-02633-1_15

Cite this

Reconsidering data logging in light of digital forensics. / Chou, Bin Hui; Takahashi, Kenichi; Hori, Yoshiaki et al.
Advances in Information Security and Its Application: Third International Conference, ISA 2009, Proceedings. Springer Verlag, 2009. p. 111-118 (Communications in Computer and Information Science; Vol. 36).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

@inproceedings{cf61ad6eb5264cc5b07313ae9bb1d29f,

title = "Reconsidering data logging in light of digital forensics",

abstract = "Logs record the events that have happened within in a system so they are considered the history of system activities. They are one of the objects that digital forensic investigators would like to examine when a security incident happens. However, logs were initially created for trouble shooting, and are not purposefully designed for digital forensics. Thus, enormous and redundant log data make analysis tasks complicated and time-consuming to find valuable information, and make logging-related techniques difficult utilized in some systems such as embedded systems. In this paper, we reconsider a data logging mechanism in terms of forensics and consequently, we propose purpose-based forensic logging. In purpose-based forensic logging, we only collect the required logs according to a specific purpose, which could decrease the space that logs occupy and may mitigate the analysis tasks during forensic investigations.",

author = "Chou, {Bin Hui} and Kenichi Takahashi and Yoshiaki Hori and Kouichi Sakurai",

year = "2009",

doi = "10.1007/978-3-642-02633-1_15",

language = "English",

isbn = "9783642026324",

series = "Communications in Computer and Information Science",

publisher = "Springer Verlag",

pages = "111--118",

booktitle = "Advances in Information Security and Its Application",

address = "Germany",

}

TY - GEN

T1 - Reconsidering data logging in light of digital forensics

AU - Chou, Bin Hui

AU - Takahashi, Kenichi

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2009

Y1 - 2009

N2 - Logs record the events that have happened within in a system so they are considered the history of system activities. They are one of the objects that digital forensic investigators would like to examine when a security incident happens. However, logs were initially created for trouble shooting, and are not purposefully designed for digital forensics. Thus, enormous and redundant log data make analysis tasks complicated and time-consuming to find valuable information, and make logging-related techniques difficult utilized in some systems such as embedded systems. In this paper, we reconsider a data logging mechanism in terms of forensics and consequently, we propose purpose-based forensic logging. In purpose-based forensic logging, we only collect the required logs according to a specific purpose, which could decrease the space that logs occupy and may mitigate the analysis tasks during forensic investigations.

AB - Logs record the events that have happened within in a system so they are considered the history of system activities. They are one of the objects that digital forensic investigators would like to examine when a security incident happens. However, logs were initially created for trouble shooting, and are not purposefully designed for digital forensics. Thus, enormous and redundant log data make analysis tasks complicated and time-consuming to find valuable information, and make logging-related techniques difficult utilized in some systems such as embedded systems. In this paper, we reconsider a data logging mechanism in terms of forensics and consequently, we propose purpose-based forensic logging. In purpose-based forensic logging, we only collect the required logs according to a specific purpose, which could decrease the space that logs occupy and may mitigate the analysis tasks during forensic investigations.

UR - http://www.scopus.com/inward/record.url?scp=67649961938&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67649961938&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-02633-1_15

DO - 10.1007/978-3-642-02633-1_15

M3 - Conference contribution

AN - SCOPUS:67649961938

SN - 9783642026324

T3 - Communications in Computer and Information Science

SP - 111

EP - 118

BT - Advances in Information Security and Its Application

PB - Springer Verlag

ER -

Reconsidering data logging in light of digital forensics

Abstract

Publication series

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this