Murdoch University Research Repository


Automatic log parser to support forensic analysis

Studiawan, H., Sohel, F. and Payne, C. (2018) Automatic log parser to support forensic analysis. In: 16th Australian Digital Forensics Conference, 4 - 5 December 2018, Edith Cowan, Joondalup



Event log parsing is the process of splitting a log entry into its fields and labelling each one. Existing approaches commonly use regular expressions or parsing rules to extract the fields. However, such techniques are time-consuming, because a forensic investigator needs to define a new rule for each type of log file. In this paper, we present a tool, named nerlogparser, that parses log entries automatically by modelling log parsing as a named entity recognition problem. We use a deep learning technique, specifically bidirectional long short-term memory networks, as the underlying architecture for this purpose. Unlike existing tools, nerlogparser is fully automatic, as investigators do not need to define any parsing rules, and it is generic, as a single model parses various types of log files. Experimental results show that nerlogparser achieves superior performance compared with other traditional machine learning methods.

Item Type: Conference Paper
Murdoch Affiliation(s): School of Engineering and Information Technology