Turning log files into a security asset

Casey, Donal

doi:10.1016/s1353-4858(08)70016-3

Cited by 12 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A log management solution should allow for different types of log messages to be implemented as well as to provide better accountability into the activity seen within the environment [16]. When considering combining an FIM with a log management solution, the following considerations should be made:…”

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

File Integrity Monitoring (FIM) can provide the ability to track changes which have been made to an operating system or software as a result of malicious behavior. For small business environments, the need for these tools is present; however, because of the difficulty of managing such software many businesses may ignore using them. This paper will discuss how a small business should create criteria for comparing file integrity monitoring tools in order to locate the most effective product for their environment.

show abstract

Section: Combining Fim With Logging Solutionsmentioning

confidence: 99%

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

show abstract

“…A typical organization has many network devices that, if configured correctly, can generate and store log files of user activities [8]. In order to make sense of all the data provided in continuous streams by network devices, dedicated logging infrastructures (log file servers) have been developed to support the storage and management of logs [8]. Some of the techniques include console logging, buffered logging, terminal logging, syslog, Simple Network Management Protocol (SNMP) traps and the Authentication, Authorization and Accounting (AAA) protocol [29].…”

Section: Network Log Miningmentioning

confidence: 99%

“…The second layer, called the discovery layer, follows the preparation layer ( Figure 1). In this layer, tests and experiments are carried out on the network devices to identify the digital footprints of the suspects [8]. The goal is to discover a link between the suspects and the incident.…”

Section: Discovery Layermentioning

confidence: 99%

“…Cyber criminals typically use computers connected to the Internet to penetrate computer networks. The attack traffic has to pass through various network devices because the computers used to launch the attack and the targeted system are usually on different networks [8]. These network devices can provide investigators with digital footprints that could reveal details of the techniques and the identities of the individuals and machines responsible an attack [19].…”

Section: Introductionmentioning

confidence: 99%

“…These network devices can provide investigators with digital footprints that could reveal details of the techniques and the identities of the individuals and machines responsible an attack [19]. If the network devices are configured properly, each attack action could leave digital footprints in the log files of the devices [8]. Log files provide significant evidence because they record all the activities that take place in an organization's computer network [19,26].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Log File Digital Forensic Model

Lalla

Flowerday

Sanyamahwe

et al. 2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This paper describes a digital forensic model for investigating computer networks, focusing specifically on network log mining. A thorough examination of log files is needed to reveal the hidden actions of criminals in computer networks. The proposed model specifies the steps that forensic investigators can follow with regard to the extraction and examination of digital evidence from log files for use in legal proceedings.

show abstract

A Conceptual Analysis about the Organizational Impact of Compliance on Information Security Policy

Cavallari

2012

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Turning log files into a security asset

Cited by 12 publications

References 0 publications

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

A Log File Digital Forensic Model

A Conceptual Analysis about the Organizational Impact of Compliance on Information Security Policy

Contact Info

Product

Resources

About