Abstract

System-level logs play a critical role in computer forensics: they capture interactions between programs and users in detail. However, a typical computer generates more than 2.5 million system events hourly, which makes finding malicious activity in such logs compute- and time-intensive. We introduce GrAALF, a graphical system for efficiently loading, storing, processing, querying, and displaying system events for computer forensics. Compared with similar systems, GrAALF offers flexibility of storage, intuitive querying, and the ability to trace longer sequences of events in real time to help identify attacks. GrAALF is a robust analysis solution in support of computer forensics.
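The abstract's central claim is that attacks become visible only when a long chain of system events is followed, not when events are inspected one at a time. The following is an added illustration of that kind of backward trace over a system-event log; it is not GrAALF's own code, storage format or query language. The event schema (timestamp, subject, action, object), the information-flow direction assigned to each action, and the sample events are all constructed assumptions for the example.

```python
"""Backward dependency tracing over system-level events.

Added illustration, not GrAALF's code: the schema and the sample events
below are assumptions constructed for this example.
"""
from collections import defaultdict

# Constructed sample log: (ts, subject, action, object).
# Subjects are processes ("pid:<n>"); objects are files, sockets or processes.
EVENTS = [
    (1, "pid:100", "exec", "file:/usr/bin/bash"),
    (2, "pid:100", "read", "sock:10.0.0.5:443"),
    (3, "pid:100", "write", "file:/tmp/dl.sh"),
    (4, "pid:101", "read", "file:/tmp/dl.sh"),
    (5, "pid:101", "fork", "pid:102"),
    (6, "pid:102", "write", "file:/etc/cron.d/job"),
    (7, "pid:200", "read", "file:/var/log/syslog"),  # unrelated activity
]


def build_graph(events):
    """Map each node to the flows entering it: dst -> [(src, ts, action)].

    Edge direction is information flow (an assumed convention):
    read/exec: object -> subject (data or code enters the process)
    write/fork: subject -> object (process influences file or child)
    """
    flows_into = defaultdict(list)
    for ts, subject, action, obj in events:
        if action in ("read", "exec"):
            src, dst = obj, subject
        elif action in ("write", "fork"):
            src, dst = subject, obj
        else:
            continue  # actions with no flow semantics are ignored
        flows_into[dst].append((src, ts, action))
    return flows_into


def backward_trace(flows_into, node, before_ts):
    """Return {ancestor: latest_ts} for every node that could have influenced
    `node` through flows occurring at or before `before_ts`.

    The timestamp bound is carried along the walk so that a flow into an
    ancestor counts only if it happened before the flow out of that ancestor;
    this keeps the trace causal instead of merely connected.
    """
    seen = {}
    frontier = [(node, before_ts)]
    while frontier:
        cur, limit = frontier.pop()
        for src, ts, action in flows_into.get(cur, ()):
            if ts > limit:
                continue  # happened after the flow we are explaining
            # Revisit a node only if reached with a later (looser) bound.
            if src not in seen or seen[src] < ts:
                seen[src] = ts
                frontier.append((src, ts))
    return seen


def lineage(events, node, before_ts):
    """Ancestors of `node` in chronological order, oldest first."""
    ancestors = backward_trace(build_graph(events), node, before_ts)
    return [n for n, _ in sorted(ancestors.items(), key=lambda kv: kv[1])]


if __name__ == "__main__":
    # Explain the suspicious cron-job write at ts=6 by walking backward.
    for n in lineage(EVENTS, "file:/etc/cron.d/job", 6):
        print(n)
```

Run against the constructed log, the trace from the cron-job write recovers the whole chain back to the network socket and the shell binary, while the unrelated syslog read by pid:200 is left out; the timestamp bound also prevents a flow that happened later from being blamed for an earlier one.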
