Abstract
Logs record the events that have happened within a system, so they are considered the history of system activities. They are one of the objects that digital forensic investigators would like to examine when a security incident happens. However, logs were initially created for troubleshooting and are not purposefully designed for digital forensics. Thus, enormous and redundant log data make analysis tasks complicated and time-consuming when searching for valuable information, and make logging-related techniques difficult to utilize in some systems, such as embedded systems. In this paper, we reconsider the data logging mechanism in terms of forensics and consequently propose purpose-based forensic logging. In purpose-based forensic logging, we collect only the logs required for a specific purpose, which could decrease the space that logs occupy and may ease the analysis tasks during forensic investigations.
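As an added illustration of the purpose-based selection the abstract describes (example code, not from the paper): a small Python filter keeps only the events relevant to one or more named investigative purposes from constructed syslog-style lines and reports the space saved. The purpose names, selector patterns and log lines are all constructed assumptions, not taken from the paper.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample log (syslog-style lines, not real data).
SAMPLE_LOG = """\
Mar 01 10:00:01 host sshd[101]: Failed password for root from 10.0.0.5 port 5522 ssh2
Mar 01 10:00:02 host sshd[101]: Accepted password for alice from 10.0.0.7 port 5523 ssh2
Mar 01 10:00:03 host kernel: usb 1-1: new high-speed USB device number 4
Mar 01 10:00:04 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/cat /etc/shadow
Mar 01 10:00:05 host cron[220]: (root) CMD (run-parts /etc/cron.hourly)
Mar 01 10:00:06 host kernel: eth0: link is up
Mar 01 10:00:07 host sshd[101]: Failed password for admin from 10.0.0.5 port 5524 ssh2
Mar 01 10:00:08 host su: pam_unix(su:session): session opened for user root by alice(uid=1000)
"""

# A "purpose" is a named set of event selectors (hypothetical purposes chosen for this example).
# Only events matching a selector of a requested purpose are retained.
PURPOSES = {
    "account_compromise": [
        re.compile(r"sshd\[\d+\]: (Failed|Accepted) password"),
        re.compile(r"\bsu: .*session opened"),
        re.compile(r"\bsudo: .*COMMAND="),
    ],
    "removable_media": [re.compile(r"kernel: usb ")],
}


@dataclass
class LogResult:
    kept: List[str]        # retained log lines
    original_bytes: int    # size of the unfiltered log
    kept_bytes: int        # size of the purpose-based log (newlines included)

    def reduction(self) -> float:
        """Fraction of storage saved by collecting only purpose-relevant events."""
        return 1.0 - self.kept_bytes / self.original_bytes


def purpose_log(raw: str, purposes: Iterable[str]) -> LogResult:
    """Keep only the lines relevant to the given purposes; everything else is never stored."""
    selectors = []
    for name in purposes:
        if name not in PURPOSES:
            raise ValueError(f"unknown logging purpose: {name}")
        selectors.extend(PURPOSES[name])
    kept = [line for line in raw.splitlines() if any(s.search(line) for s in selectors)]
    return LogResult(kept, len(raw.encode()), sum(len(line.encode()) + 1 for line in kept))
```

Note that events outside the declared purposes are not collected at all, so the purpose set must be fixed before the incident; the trade-off the abstract mentions is that unrelated events (here the cron and eth0 lines) are unavailable for later analysis.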
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chou, BH., Takahashi, K., Hori, Y., Sakurai, K. (2009). Reconsidering Data Logging in Light of Digital Forensics. In: Park, J.H., Zhan, J., Lee, C., Wang, G., Kim, Th., Yeo, SS. (eds) Advances in Information Security and Its Application. ISA 2009. Communications in Computer and Information Science, vol 36. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02633-1_15
DOI: https://doi.org/10.1007/978-3-642-02633-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02632-4
Online ISBN: 978-3-642-02633-1