Downloads: 107 | Views: 316

M.Tech / M.E / PhD Thesis | Computer Science & Engineering | India | Volume 5 Issue 5, May 2016 | Popularity: 6.7 / 10

Rate This Article!      

A New Approach for Real Time Evidence Collection from Linux Environment

Neethu P Nair, Maniveena C

Abstract: Evidence collection from computers is an important step in the process of digital investigations. An event could correspond to a system log entry where the operating system has recorded that a particular user or application performs a certain action. Depending on the configuration of the system the logs may omit some types of forensically interesting events and include various forensically uninteresting events. So there is an increased need of a system that will collect evidences related to computer activities. Through this paper a real time computer forensics system that records computer activity for forensic investigation on a Linux based computer system is aimed. This will help investigators who look for evidences in these operating systems. This method is different from the traditional post-mortem method of examining data since activities are being recorded as they are happening.

Keywords: inode, inotify, post-mortem analysis, syslog, monitoring

Edition: Volume 5 Issue 5, May 2016

Pages: 1487 - 1489

DOI: https://www.doi.org/10.21275/NOV163650

Make Sure to Disable the Pop-Up Blocker of Web Browser

Click to Cite this Article

Similar Articles