Digital Forensics and Cyber Crime. 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings

Research Article

Efficient Fingerprint Matching for Forensic Event Reconstruction

Download
16 downloads
Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-030-68734-2_6,
    author={Tobias Latzo},
    title={Efficient Fingerprint Matching for Forensic Event Reconstruction},
    proceedings={Digital Forensics and Cyber Crime. 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings},
    proceedings_a={ICDF2C},
    year={2021},
    month={2},
    keywords={Forensic event reconstruction Linux logs System call tracing SIEM},
    doi={10.1007/978-3-030-68734-2_6}
}
  • Tobias Latzo
    Year: 2021
    Efficient Fingerprint Matching for Forensic Event Reconstruction
    ICDF2C
    Springer
    DOI: 10.1007/978-3-030-68734-2_6
Tobias Latzo1,*
  • 1: Department of Computer Science
*Contact email: tobias.latzo@fau.de

Abstract

Forensic investigations usually utilize log files to reconstruct previous events on computing systems. Using standard log files as well as traces of system calls, we analyze what traces are left by different events on a GNU/Linux server that runs different common services like an SSH server, Wordpress, Nextcloud and Docker containers. Based on these traces, we calculate characteristic fingerprints of these events that can later be matched to other log files to detect them. We develop a matching algorithm and examine the different parameters that influence its performance both in terms of event detectability and detection time. We also examine the effect of using different subsets of system calls to improve matching efficiency.

Keywords
Forensic event reconstruction Linux logs System call tracing SIEM
Published
2021-02-07
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-030-68734-2_6
Copyright © 2020–2025 ICST
EAI Logo

About EAI

Community

Publish with EAI