Abstract

Computer forensics investigations are based on the evidence search process used to determine the intruder's techniques and activities. Current tools focus mainly on gathering evidence from the target system; however, analysing that evidence is a highly complicated task. In this paper, we present an Automated Forensic Diagnosis System composed of a Knowledge Attack Base and a series of log analysis processes that work together to reconstruct the attack actions after a security incident has occurred. The log analysis is carried out by an Event Correlation Module, which helps detect multi-step attacks as well as reducing the false positive rate. The goal is to assist the forensic investigator by reducing the time and complexity of the process.
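The architecture the abstract describes (a knowledge attack base of multi-step patterns driving event correlation over logs, with isolated events left unreported to cut false positives), as an added Python sketch that is not the paper's code; the attack pattern, log line format and sample log entries are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical Knowledge Attack Base (constructed): ordered per-step regexes.
ATTACK_BASE = {
    "ssh-brute-force-then-webshell": [
        r"Failed password for \w+ from (?P<src>\S+)",
        r"Accepted password for \w+ from (?P<src>\S+)",
        r"(?P<src>\S+) - - \"(?:GET|POST) /uploads/\S+\.php",
    ],
}
WINDOW = timedelta(minutes=30)  # all steps of one chain must fall inside it
LOG_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<msg>.*)$")

def parse(lines):
    """Parse 'ISO-timestamp message' lines into (datetime, msg), oldest first."""
    matches = filter(None, map(LOG_RE.match, lines))
    return sorted((datetime.fromisoformat(m["ts"]), m["msg"]) for m in matches)

def correlate(events, attack_base=ATTACK_BASE, window=WINDOW):
    """Reconstruct completed chains as (attack, src, [timestamp per step])."""
    chains = []
    for name, steps in attack_base.items():
        progress = defaultdict(lambda: (0, []))  # src -> (next step, stamps)
        for ts, msg in events:
            for idx, pattern in enumerate(steps):
                m = re.search(pattern, msg)
                if not m:
                    continue
                nxt, stamps = progress[m["src"]]
                if stamps and ts - stamps[0] > window:  # expired partial chain
                    nxt, stamps = 0, []
                if idx != nxt:  # repeated or out-of-order step: not evidence
                    continue
                stamps = stamps + [ts]
                if len(stamps) == len(steps):
                    chains.append((name, m["src"], stamps))
                    stamps, idx = [], -1  # chain complete: start over for src
                progress[m["src"]] = (idx + 1, stamps)
    return chains

# Constructed sample log: one full chain plus one isolated failed login.
SAMPLE_LOG = [
    "2024-03-01T02:00:01 sshd: Failed password for root from 203.0.113.7 port 51234",
    "2024-03-01T02:00:03 sshd: Failed password for root from 203.0.113.7 port 51236",
    "2024-03-01T02:00:09 sshd: Accepted password for root from 203.0.113.7 port 51240",
    '2024-03-01T02:04:30 httpd: 203.0.113.7 - - "POST /uploads/cmd.php HTTP/1.1" 200',
    "2024-03-01T02:05:00 sshd: Failed password for admin from 198.51.100.4 port 40000",
]
```

Running `correlate(parse(SAMPLE_LOG))` reports a single chain for 203.0.113.7 with its three step timestamps, while the lone failed login from 198.51.100.4 produces no alert.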
