Introducing and analysis of the Windows 8 event log for forensic purposes

Talebi, J; Dehghantanha, A; Ramlan, M

doi:10.1007/978-3-319-20125-2_13

Introducing and analysis of the Windows 8 event log for forensic purposes

Talebi, J; Dehghantanha, A; Ramlan, M

Authors

J Talebi

A Dehghantanha

M Ramlan

Abstract

All operating systems are employing some sort of logging mechanism to track and note users activities and Microsoft Windows is not an exception. Log Analysis is one of the important parts of Windows forensics process. The Windows event log system introducing in Windows NT was released with a new feature for Microsoft Windows family and since then went through several major changes and updates. The event log experienced major updated in Windows 8. This paper first introduces Windows 8 event log format and then proceeds with explaining methods for analyzing the logs for digital investigation and incident handling. The main contributions of this paper are introducing Windows8 logging service and forensic examination of it.

Citation

Talebi, J., Dehghantanha, A., & Ramlan, M. (2015). Introducing and analysis of the Windows 8 event log for forensic purposes. In Computational Forensics (145-162). Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-319-20125-2_13

Publication Date	Jan 1, 2015
Deposit Date	Aug 18, 2015
Pages	145-162
Book Title	Computational Forensics
ISBN	9783319201245
DOI	https://doi.org/10.1007/978-3-319-20125-2_13
Publisher URL	http://dx.doi.org/10.1007/978-3-319-20125-2_13
Related Public URLs	http://dx.doi.org/10.1007/978-3-319-20125-2