My Road to Digital Forensics Excellence

The Time and Attendance Investigation Conclusion

Posted by Paul Bobby on June 17, 2009

The previous set of tests was conducted using only a Local Account. The tests should be repeated using Network Credentials and Cached Network Credentials.

With the results of this exhaustive test, an enterprising coder can use these log characteristics to create a sort of ‘smart’ log parser that reduces a series of Security Log events to a single event, such as ‘Computer Idle to Screensaver Lock’. Each scenario tested produced a unique set of event log entries, which becomes a fingerprint of sorts for that particular circumstance.
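One way to build such a ‘smart’ parser, as an added example that is not code from the original post: ordered event ID sequences are matched against the time-sorted log and each match inside a short time window is collapsed into one labelled event. The fingerprint sequences, the 5-second window, the `timestamp,event_id` export format and the sample lines are all constructed assumptions (the IDs are the Windows Vista-and-later lock and screensaver events); substitute the sequences recorded in your own tests.

```python
from datetime import datetime, timedelta

# Constructed fingerprints (assumption): ordered Security log event IDs that
# one scenario leaves behind. Replace with sequences from your own testing.
FINGERPRINTS = {
    "Computer Idle to Screensaver Lock": (4802, 4800),  # screensaver on, locked
    "Workstation Unlocked": (4801, 4803),               # unlocked, screensaver off
}
WINDOW = timedelta(seconds=5)  # assumed max spread of one scenario's events

# Constructed sample export, one "timestamp,event_id" record per line.
SAMPLE = """\
2009-06-17 08:58:10,4624
2009-06-17 12:10:00,4802
2009-06-17 12:10:01,4800
2009-06-17 12:41:30,4801
2009-06-17 12:41:31,4803
2009-06-17 15:00:00,4802
2009-06-17 15:20:00,4800
"""

def parse(text):
    """Turn the export into a list of (datetime, event_id) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, eid = line.split(",")
        rows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid)))
    return rows

def collapse(events, fingerprints=FINGERPRINTS, window=WINDOW):
    """Replace each contiguous fingerprint match with (start_time, label)."""
    events = sorted(events)
    # Try longer fingerprints first so a shorter prefix cannot shadow them.
    ordered = sorted(fingerprints.items(), key=lambda kv: -len(kv[1]))
    out, i = [], 0
    while i < len(events):
        for label, ids in ordered:
            chunk = events[i:i + len(ids)]
            same_ids = tuple(e[1] for e in chunk) == ids
            if same_ids and chunk[-1][0] - chunk[0][0] <= window:
                out.append((chunk[0][0], label))
                i += len(ids)
                break
        else:  # no fingerprint starts here: keep the raw event as evidence
            out.append(events[i])
            i += 1
    return out

if __name__ == "__main__":
    for when, what in collapse(parse(SAMPLE)):
        print(when, what)
```

The last two sample events carry the same IDs as the idle-lock fingerprint but sit 20 minutes apart, so they stay as raw events instead of being mislabelled.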

I welcome your comments and suggestions, especially if there are any errors in my tests.

