[logs] Log Analysis for Law Enforcement

From: Buck Buchanan (lbuchanaat_private)
Date: Thu Jan 16 2003 - 13:05:03 PST

    Here is another contribution to diversifying the discussions on the list.
    The Institute for Security Technology Studies at Dartmouth College has a
    paper out titled "Law Enforcement Tools and Technologies for Investigating
    Cyber Attacks" and you can get it via
    http://www.ists.dartmouth.edu/TAG/lena.htm.  Chapter 3 is of particular
    interest to this list.  One of the items suggested was the creation of a
    "nationally accessible repository of log file structures for multiple
    operating systems".  This is to assist investigators who are dealing with
    recovered fragments of deleted logs.  Another part suggests the need for a
    tool to merge multiple logs from multiple machines into a timeline.
    Hopefully this tool would have the smarts to figure out the differences
    between the clocks on the systems supplying the logs, and to be able to
    determine the clock drift.
    B Cing U
    LogAnalysis mailing list
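The timeline tool described in the message above, as an added example that is not part of the original post or of the Dartmouth paper: it parses syslog-style lines from several hosts, fits a linear clock model (constant offset plus drift rate) for each host against a trusted reference host, and merges everything into one corrected timeline. Everything concrete here is an assumption made for the example: the host names fw1 (trusted clock) and web1 (skewed clock), the constructed log lines, the year 2003 supplied for the year-less syslog timestamps, and the rule used to find anchor points (a firewall ACCEPT to port 22 paired with the sshd "Accepted" line that carries the same source IP and port).

```python
"""Merge multi-host syslog lines into one timeline with per-host clock correction.
Added example; not code from the LogAnalysis list or the Dartmouth paper."""
import re
from datetime import datetime, timedelta

YEAR = 2003  # assumed: syslog timestamps carry no year

SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
FW_ACCEPT_RE = re.compile(r"ACCEPT TCP (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> \S+:22\b")
SSHD_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (?P<src>\S+) port (?P<sport>\d+)")

# Constructed sample logs (hypothetical hosts).  fw1 keeps good time; web1's clock
# is 90 s fast at its local 12:01:30 and gains a further 4 s per hour.
FW1_LOG = [
    "Jan 16 12:00:00 fw1 kernel: ACCEPT TCP 10.0.0.5:1234 -> 10.0.0.9:22",
    "Jan 16 12:30:00 fw1 kernel: DROP TCP 10.0.0.9:44721 -> 198.51.100.7:6667",
    "Jan 16 12:59:56 fw1 kernel: ACCEPT TCP 10.0.0.5:1251 -> 10.0.0.9:22",
]
WEB1_LOG = [
    "Jan 16 12:01:30 web1 sshd[411]: Accepted password for root from 10.0.0.5 port 1234 ssh2",
    "Jan 16 12:31:30 web1 sudo: www-data : TTY=pts/0 ; COMMAND=/usr/bin/nc 198.51.100.7 6667",
    "Jan 16 13:01:30 web1 sshd[502]: Accepted password for root from 10.0.0.5 port 1251 ssh2",
]


def parse_line(line, year=YEAR):
    """Split one syslog line into local timestamp, host and message; None if unparsable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"local": local, "host": m.group("host"), "msg": m.group("msg"), "raw": line}


class ClockModel:
    """true = local + offset0 + rate * (local - local0), least-squares fit over anchors.
    anchors: list of (local_time_on_host, true_time_from_reference)."""

    def __init__(self, anchors):
        anchors = sorted(anchors)
        self.local0 = anchors[0][0]
        xs = [(loc - self.local0).total_seconds() for loc, _ in anchors]
        ys = [(true - loc).total_seconds() for loc, true in anchors]
        n = len(xs)
        mx, my = sum(xs) / n, sum(ys) / n
        var = sum((x - mx) ** 2 for x in xs)
        # With a single anchor var == 0: assume no drift, only a fixed offset.
        self.rate = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / var if var else 0.0
        self.offset0 = my - self.rate * mx

    def correct(self, local):
        elapsed = (local - self.local0).total_seconds()
        return local + timedelta(seconds=self.offset0 + self.rate * elapsed)


def find_anchors(ref_events, host_events):
    """Pair each firewall ACCEPT with the sshd login it produced (same source ip:port).
    The reference host's timestamp is taken as the true time of that event."""
    accepts = {}
    for ev in ref_events:
        m = FW_ACCEPT_RE.search(ev["msg"])
        if m:
            accepts[(m.group("src"), m.group("sport"))] = ev["local"]
    anchors = []
    for ev in host_events:
        m = SSHD_RE.search(ev["msg"])
        key = (m.group("src"), m.group("sport")) if m else None
        if key in accepts:
            anchors.append((ev["local"], accepts[key]))
    return anchors


def build_timeline(logs_by_host, reference_host, year=YEAR, correct_clocks=True):
    """Return (events sorted by corrected time, {host: ClockModel}).  Hosts with no
    anchor against the reference keep their local time and get no model."""
    events = {h: [e for e in (parse_line(l, year) for l in lines) if e]
              for h, lines in logs_by_host.items()}
    models = {}
    if correct_clocks:
        for host, evs in events.items():
            if host == reference_host:
                continue
            anchors = find_anchors(events[reference_host], evs)
            if anchors:
                models[host] = ClockModel(anchors)
    merged = []
    for host, evs in events.items():
        for ev in evs:
            ev = dict(ev)
            ev["corrected"] = models[host].correct(ev["local"]) if host in models else ev["local"]
            ev["skew"] = (ev["corrected"] - ev["local"]).total_seconds()
            merged.append(ev)
    merged.sort(key=lambda e: (e["corrected"], e["host"]))
    return merged, models


if __name__ == "__main__":
    timeline, models = build_timeline({"fw1": FW1_LOG, "web1": WEB1_LOG}, "fw1")
    for h, m in models.items():
        print(f"{h}: offset {m.offset0:+.1f} s at {m.local0}, drift {m.rate * 3600:+.2f} s/h")
    for e in timeline:
        print(f"{e['corrected']}  {e['skew']:+6.1f}s  {e['raw']}")
```

In the constructed data the raw timestamps put web1's outbound `nc` after the firewall's DROP of that same connection; once web1's clock is corrected the command lands two seconds before the DROP, which is the only causally consistent order. Hosts that never share an event with the reference stay uncorrected and keep a skew of 0 in the output, so an investigator can see which rows are still on an unverified clock.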

    This archive was generated by hypermail 2b30 : Fri Jan 17 2003 - 09:53:51 PST