Catalog Home Page

A survey on forensic investigation of operating system logs

Studiawan, H., Sohel, F. and Payne, C. (2019) A survey on forensic investigation of operating system logs. Digital Investigation, 29 . pp. 1-20.

PDF - Authors' Version
Embargoed until March 2021.

Link to Published Version:
*Subscription may be required


Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event logs. This survey also gives a review of the publicly available datasets that are used in operating system log forensics research. Finally, we suggest potential future directions on the topic of operating system log forensics.

Item Type: Journal Article
Murdoch Affiliation: Information Technology, Mathematics and Statistics
Publisher: Elsevier Ltd
Copyright: © 2019 Elsevier Ltd.
Item Control Page Item Control Page