Latzo T (2021)
Publication Type: Book chapter / Article in edited volumes
Publication year: 2021
Publisher: Springer
Edited Volumes: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series
Series: Digital Forensics and Cyber Crime. ICDF2C 2020
City/Town: Cham
Pages Range: 98-120
ISBN: 9783030687335
DOI: 10.1007/978-3-030-68734-2_6
Forensic investigations usually utilize log files to reconstruct previous events on computing systems. Using standard log files as well as traces of system calls, we analyze what traces are left by different events on a GNU/Linux server that runs different common services like an SSH server, WordPress, Nextcloud and Docker containers. Based on these traces, we calculate characteristic fingerprints of these events that can later be matched to other log files to detect them. We develop a matching algorithm and examine the different parameters that influence its performance both in terms of event detectability and detection time. We also examine the effect of using different subsets of system calls to improve matching efficiency.
APA:
Latzo, T. (2021). Efficient Fingerprint Matching for Forensic Event Reconstruction. In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (pp. 98-120). Cham: Springer.
MLA:
Latzo, Tobias. "Efficient Fingerprint Matching for Forensic Event Reconstruction." Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series. Cham: Springer, 2021. 98-120.