Towards Identifying Criteria for the Evidential Weight of System Event Logs (2008)
Abstract
Despite the widespread use of computing in almost all functions of contemporary society, and the consequently large number of forensic investigations where computing has been involved, there has been little progress made in adapting the primary mechanism by which computers record past activity, namely event logs, to facilitate computer forensic investigation. From an evidence point of view, system event logs do not readily conform to the requirements of a forensic investigation. We identify two criteria, Accuracy and Completeness, and a third criterion, Utility, that can be used to assess the evidential weight of system event information derived from event logs and to identify the desirable qualities of a forensically suitable event log.