Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.
A forensic investigator creates a timeline from a forensic disk image after an occurrence of a security incident. This procedure aims to acquire the time for all events identified from the investigated artifacts. An investigator usually looks for events of interest by manually searching the timeline. One of the sources from which to build a timeline is log files, and these events are often found in log messages. In this paper, we propose a sentiment analysis technique to automatically extract events of interest from log messages in the forensic timeline. We use a deep learning technique with a context and content attention model to identify aspect terms and the corresponding sentiments in the forensic timeline. Terms with negative sentiments indicate events of interest and are highlighted in the timeline. Therefore, the investigator can quickly examine the events and other activities recorded within the surrounding time frame. Experimental results on four public forensic case studies show that the proposed method achieves 98.43% and 99.64% for the F1 score and accuracy, respectively.
Attacks on operating system access control have become a significant and increasingly common problem. This type of security threat is recorded in a forensic artifact such as an authentication log. Forensic investigators will generally examine the log to analyze such incidents. An anomaly is highly correlated with an attacker's attempts to compromise the system. In this paper, we propose a novel method to automatically detect an anomaly in the access control log of an operating system. The logs are first preprocessed and then clustered using an improved MajorClust algorithm to obtain better clusters. This technique provides parameter-free clustering so that it can automatically produce an analysis report for the forensic investigators. The clustering results are then checked for anomalies based on a score that considers factors such as the total number of members in a cluster, the frequency of the events in the log file, and the inter-arrival time of a specific activity. We also provide a graph-based visualization of the logs to assist the investigators with easy analysis. Experimental results compiled on an open dataset of a Linux authentication log show that the proposed method achieved an accuracy of 83.14% on the authentication log dataset.
Attackers are most likely to exploit unvalidated and unsanitized user input with attacks such as cross-site scripting (XSS) or SQL injection. Many methods have been proposed to prevent those attacks. Some of them were created to learn about the patterns and behavior of the attacker; that is the honeypot. Honeypots are classified into two types based on the simulation a honeypot can perform: low interaction and high interaction. In this paper, we propose a low-interaction honeypot for emulating vulnerabilities that can be exploited using XSS and SQL injection attacks. This honeypot not only records the attacker's requests, but also tries to expose the attacker's identity by using some browser exploitation techniques. Some attackers use techniques to hide their identity, so they cannot be tracked. Our proposed honeypot tries to overcome this problem by serving them malicious JavaScript code. The malicious JavaScript code runs when an attacker opens the honeypot's website. We conducted several tests to evaluate our honeypot's performance. Our honeypot could capture more useful information about the HTTP request than the popular web-based honeypot Glastopf. Moreover, attackers' social media accounts were captured by using the LikeJacking technique even though they might have used a proxy or TOR to hide their identity.

Web applications are often the main target of attacks. A survey conducted by the Open Web Application Security Project (OWASP) lists several common attacks aimed at web applications [1]. Among the top attacks recorded were XSS and SQL injection. SQL injection is performed by exploiting weaknesses in web applications that do not validate and sanitize input data. This kind of web application vulnerability has led some parties to initiate the creation of a system specifically designed to observe the behavior of crackers.
The system is then known as a honeypot. A honeypot is a system created to emulate services that run on a server in order to observe the pattern of attacks. In general, honeypots are divided into two types based on the level of interaction with the attacker, namely high-interaction and low-interaction honeypots [2]. A low-interaction honeypot has a limited level of interaction because it only emulates a particular service on a system. In contrast, a high-interaction honeypot has a high level of interaction because it uses actual systems and services that are accessed by crackers. This means a high-interaction honeypot carries a higher risk when compared with a low-interaction one. By studying the patterns of attack, the protection of production systems can be formulated.

978-1-4799-6432-1/14/$31.00 ©2014 IEEE
Background: Mandibular bone on panoramic radiographs has been proven to be useful for identifying postmenopausal women with low skeletal bone mineral density. One of the important parts of the mandibular bone is the trabecular bone. Trabecular bone architecture is one of the factors that govern bone strength and may be categorized as a contributor to bone quality. Purpose: The purposes of this study were to develop a computer-aided system for measuring trabecular bone line strength on panoramic radiographs in order to identify postmenopausal women with osteoporosis, and to clarify the diagnostic efficacy of the system. Methods: Reduction and expansion of trabecular bone sample images using a two-level Gaussian pyramid for removing noise and small segments were first introduced. Then, line strength at each pixel was calculated based on its presence on the trabecular bone, with emphasis on line segments whose orientation is similar to that of the tooth root. The density was measured with respect to the line strength of segment structures oriented similarly to the tooth root, on both the left and the right of the mandibular bone. The number of pixels in the line segment area was compared with a threshold value to classify the sample as normal or osteoporotic. Results: From an experiment on 100 data, an accuracy of 88%, a sensitivity of 92%, and a specificity of 86.7% were achieved. Conclusion: The computer-aided system of trabecular bone analysis may be useful for detecting osteoporosis using panoramic radiographs.

Background: The mandibular bone on panoramic radiographs has been extensively studied and proven to be usable for identifying postmenopausal women with low bone mineral density. One of the important parts of the mandibular bone is the trabecular bone. Trabecular bone architecture is one of the factors that affect bone strength and can be classified as a contributor to bone quality. Purpose: This study aims to build a computer-aided system for measuring line strength in the trabecular bone and to use it to detect osteoporosis in postmenopausal women. Methods: A portion of the mandibular bone was sampled to produce a sample image. This sample image was then cleaned of noise using a two-level Gaussian pyramid. Line strength at each pixel was computed based on the orientation of trabecular bone line segments parallel to the tooth root. After binarization, the resulting segment area was computed and compared with a threshold value. If the area exceeds the threshold, the sample is categorized as normal; conversely, if the area is below the threshold, it is categorized as osteoporosis. Results: Based on experiments on 100 data, the system achieved an identification accuracy of 88%, a sensitivity of 92%, and a specificity of 86.7%. Conclusion: This computer-aided trabecular bone analysis system can be used by dentists to detect osteoporosis using panoramic radiographs.