ECF - Event correlation for forensics
Chen, Kevin, Clark, Andrew, De Vel, Olivier, & Mohay, George (2003) ECF - Event correlation for forensics. In First Australian Computer Network and Information Forensics Conference, 25 November 2003, Perth, Australia.
The focus of the research described in this paper is on the nature of the event information provided in commonly available computer and other logs, and the extent to which it is possible to correlate such event information despite its heterogeneous nature and origins. The strategic purpose of the research has been to develop a means by which a consolidated repository of such information can be constituted and then queried, in order to provide an investigator with post hoc event correlation for forensics purposes (ECF). The paper provides an account of the log processing techniques utilized, of the nature of the database and query engine developed in our current prototype, and of two example scenarios investigated and identified by the current prototype.
| Item Type: | Conference Paper |
| Keywords: | event correlation, computer forensics |
| Subjects: | Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303) |
| Divisions: | Past > QUT Faculties & Divisions > Faculty of Science and Technology; Past > Institutes > Information Security Institute |
| Copyright Owner: | Copyright 2003 The Authors |
| Deposited On: | 14 Jun 2009 22:20 |
| Last Modified: | 29 Feb 2012 12:58 |