Global Security, Safety and Sustainability & e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers

Research Article

Sufficiency of Windows Event Log as Evidence in Digital Forensics

Citation (BibTeX):

    @INPROCEEDINGS{10.1007/978-3-642-33448-1_34,
        author={Nurdeen Ibrahim and Ameer Al-Nemrat and Hamid Jahankhani and Rabih Bashroush},
        title={Sufficiency of Windows Event Log as Evidence in Digital Forensics},
        proceedings={Global Security, Safety and Sustainability \& e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers},
        proceedings_a={ICGS3 \& E-DEMOCRACY},
        year={2012},
        month={10},
        keywords={Cybercrime; Digital forensics; Digital evidence},
        doi={10.1007/978-3-642-33448-1_34}
    }

Citation (plain): Nurdeen Ibrahim, Ameer Al-Nemrat, Hamid Jahankhani, Rabih Bashroush (2012). Sufficiency of Windows Event Log as Evidence in Digital Forensics. ICGS3 & E-DEMOCRACY, Springer. DOI: 10.1007/978-3-642-33448-1_34
Authors: Nurdeen Ibrahim (1,*), Ameer Al-Nemrat (1,*), Hamid Jahankhani (1,*), Rabih Bashroush (1,*)
  • 1: University of East London
  • *Contact email: u0947707@uel.ac.uk, ameer@uel.ac.uk, hamid2@uel.ac.uk, rabih@uel.ac.uk

Abstract

The prevalence of computers and the internet has brought forth an increasing spate of cybercrime activities, and hence the need for evidence that attributes a crime to a suspect. The research therefore centres on evidence, the legal standards applied to digital evidence presented in court, and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as an automated password-guessing attack and hacking were emulated against a Windows OS within a virtual network environment set up using VMware Workstation. After the attack, the event logs on the victim system were analysed and assessed for their admissibility (evidence must conform to certain legal rules) and weight (evidence must convince the court that the accused committed the crime).