CFP last date
20 January 2025
Reseach Article

Research Issues on Windows Event Log

by P. K. Sahoo, R. K. Chottray, S. Pattnaiak
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 41 - Number 19
Year of Publication: 2012
Authors: P. K. Sahoo, R. K. Chottray, S. Pattnaiak
10.5120/5650-8030

P. K. Sahoo, R. K. Chottray, S. Pattnaiak . Research Issues on Windows Event Log. International Journal of Computer Applications. 41, 19 ( March 2012), 40-48. DOI=10.5120/5650-8030

@article{ 10.5120/5650-8030,
author = { P. K. Sahoo, R. K. Chottray, S. Pattnaiak },
title = { Research Issues on Windows Event Log },
journal = { International Journal of Computer Applications },
issue_date = { March 2012 },
volume = { 41 },
number = { 19 },
month = { March },
year = { 2012 },
issn = { 0975-8887 },
pages = { 40-48 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume41/number19/5650-8030/ },
doi = { 10.5120/5650-8030 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:30:01.496643+05:30
%A P. K. Sahoo
%A R. K. Chottray
%A S. Pattnaiak
%T Research Issues on Windows Event Log
%J International Journal of Computer Applications
%@ 0975-8887
%V 41
%N 19
%P 40-48
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Due to the rapidly increasing connectivity and dependency over the internet by individuals and corporations to carry out their businesses, security breaches are increasing day by day. Security and privacy are becoming a greater concern for the modern world. The report of loss of critical data, cyber attacks, denial of service attacks, hacking of websites and systems etc. are becoming the headlines in news channels. In this context, log data are very useful as it is used to track the history of an intruder in day to day work and providing evidence for further investigation. Audit log data, which are produced by windows operating systems, are in binary format and are not compatible with the log format of other log sources, which makes the log management very complicated and most challenging. The windows event log stays locally in the host system and the centralization of logging process is not possible due to its distributed design. This paper outlines a brief overview of the various processes involved in the windows event logging environment and stressed to centralize the logging process. This research work implements the Winsyslog server as the central server to centralize the storage of log data and event reporter for translation of windows event log data from binary format to syslog format. The proposed architecture to centralize the storage of log data helps the system administrator in a great way by simplifying the logging process and also enhances the security to log data, which are most important for forensic investigation.

References
  1. David Watson, Matthew Smart and G. Robert Malan, "Protocol Scrubbing: Network Security Transparent Flow Modification", IEEE/ACM transactions on Networking, vol. 12, no. 2, April 2004.
  2. I-Long Lin Hong-Cheng Yang Guo-Long Gu Lin, Proceedings of 37th IEEE International Carnahan Conference on Security Technology, pages 14-16, October 2003.
  3. G. Vigna and R. A. Kemmerer, "Netstat: A network based intrusion detection approach", in the Proceedings of ACSAC, 1998.
  4. J. Yang, P. Ning, X. S. Wang, and S. Jajodia, "Cards: A distributed system for detecting coordinated attacks," in the Proceedings of SEC, Pages 171-180, 2000.
  5. H. Wang, D. Zhang, and K. G. Shin, "Detecting syn flooding attacks," in the Proceedings of IEEE INFOCOM, 2002.
  6. S. Savage, D. Wetherall, A. R. Karlin, and T. Anderson, "Practical network support for ip traceback," in the Proceedings of ACM SIGCOMM, Pages 295-306, 2000.
  7. Honolulu, Hawaii, Proceedings of the 2009 ACM symposium on Applied Computing, pages 1286-1293, 2009.
  8. Forte, D. V. Maruti, C. Vetturi, M. R. Zambelli "SecSyslog: an approach to secure logging based on covert channels", IEEE first International workshop on Systematic Approaches to Digital Forensic Engineering, page 248, November 2005.
  9. Annual IEEE Computer Security Applications Conferences, Issue ii, Pages: 219-228, 2009.
  10. Slagell A. , Yurcik W. , "Sharing computer network logs for security and privacy: a motivation for new methodologies of anonymization", IEEE 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pages 80-89, September 2005.
  11. Ya-Ting Fan Shiuh-Jeng Wang "Intrusion Investigations with Data-Hiding for Computer Log-File Forensics", Proceedings of the IEEE 5th International Conference on Future Information Technology, pages 1-6, May 2010.
  12. Mihir Bellare, Bennet S. Yeey, Forward Integrity for Secure Audit Logs, Novemebre23, 1997.
  13. Deborah A. Frincke, "IEEE Computer and Reliability Societies, June 2009.
  14. Huebner, E. , and Henskens, F. , "The role of operating systems in computer forensics", SIGOPS Oper. Syst. Rev. , 42(3), 1-3. , 2008.
  15. "Forensic investigation on Windows Logs," [Online]. Available: http://www. icranium. com/blog/?p=194 [Accessed: Jun. 02, 2010].
  16. National Institute of Standards and Technology Special Publication 800-122(Draft), 58 pages, January 2009.
  17. C. Lonvick, "the bsd syslog protocol", Cisco Systems, August 2001.
  18. D. new and M. Rose, "Reliable Delivery for Syslog", Dover Beach Consulting Inc. , Nov. 2001.
Index Terms

Computer Science
Information Sciences

Keywords

Information Security Cyber Attacks Audit Log Syslog Event Reporter Winsyslog