Post-incident analysis of a security event is a complex task because of the volume of data that must be assessed, often within tight time constraints. System software, such as operating systems and applications, provides a range of opportunities to record data in log files about interactions with the computer, and these records may provide evidence during an investigation. Data visualization can be used to aid interpretation of such data sets and improve the analyst's ability to make sense of the information. This paper proposes a novel methodology that visualizes data from a range of log files to aid the investigation process. To demonstrate the applicability of the approach, a case study of the identification and analysis of attacks is presented. © 2014 Springer International Publishing.
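The abstract argues for placing records from several log files on one time axis so an analyst can see related activity across sources. The following Python script is an added illustration of that idea and is not the authors' tool or method: it parses two constructed log fragments (a syslog-style SSH authentication log and a web-server access log, both invented for this example), normalizes them to one timestamped event schema, buckets them into fixed windows per source, lists client addresses that appear in more than one source, and renders a plain-text bar chart. The window size, the source labels and the assumed year for the syslog lines are choices made for the example.

```python
"""Normalize events from several log sources onto one time axis and bucket them.

Added example, not the paper's own code. All log lines below are constructed
for the demonstration; 'auth' and 'web' source labels, the 5-minute window and
the assumed year 2014 for the year-less syslog lines are assumptions here.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logs (not real data).
AUTH_LOG = """\
Mar 14 10:02:11 host sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar 14 10:02:14 host sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51024 ssh2
Mar 14 10:02:19 host sshd[2211]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar 14 10:06:40 host sshd[2230]: Accepted password for root from 198.51.100.7 port 51102 ssh2
"""
ACCESS_LOG = """\
198.51.100.7 - - [14/Mar/2014:10:01:55 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.7 - - [14/Mar/2014:10:07:02 +0000] "GET /admin HTTP/1.1" 200 2048
203.0.113.9 - - [14/Mar/2014:10:12:30 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

YEAR = 2014  # syslog timestamps carry no year; assumed to match the access log

SYSLOG_RE = re.compile(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')


def parse_syslog(line):
    """Return a normalized event dict for one sshd syslog line, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, _prog, msg = m.groups()
    ts = datetime.strptime(f"{YEAR} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    ip_m = re.search(r"from (\d+\.\d+\.\d+\.\d+)", msg)
    kind = "auth_ok" if msg.startswith("Accepted") else "auth_fail"
    return {"ts": ts, "src": "auth", "kind": kind, "ip": ip_m.group(1) if ip_m else None}


def parse_access(line):
    """Return a normalized event dict for one Common Log Format line, or None."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ip, when, method, path, status = m.groups()
    ts = datetime.strptime(when.split(" ")[0], "%d/%b/%Y:%H:%M:%S")
    return {"ts": ts, "src": "web", "kind": f"{method} {path} {status}", "ip": ip}


def collect_events():
    """Parse both logs into one list of events sorted by timestamp."""
    events = []
    for parser, text in ((parse_syslog, AUTH_LOG), (parse_access, ACCESS_LOG)):
        for line in text.splitlines():
            ev = parser(line)
            if ev:  # silently skip lines the parser does not recognize
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def bucket(events, window_minutes=5):
    """Count events per (window start, source); windows are aligned to the hour.

    Keys are ('YYYY-MM-DD HH:MM', src) strings so they sort and compare simply.
    """
    counts = Counter()
    for ev in events:
        minute = (ev["ts"].minute // window_minutes) * window_minutes
        start = ev["ts"].replace(minute=minute, second=0, microsecond=0)
        counts[(start.strftime("%Y-%m-%d %H:%M"), ev["src"])] += 1
    return counts


def shared_ips(events):
    """Client addresses that appear in more than one log source."""
    seen = defaultdict(set)
    for ev in events:
        if ev["ip"]:
            seen[ev["ip"]].add(ev["src"])
    return sorted(ip for ip, srcs in seen.items() if len(srcs) > 1)


def render(counts):
    """Plain-text bar chart, one row per (window, source), oldest first."""
    rows = []
    for (start, src), n in sorted(counts.items()):
        rows.append(f"{start[-5:]} {src:<5} {'#' * n} ({n})")
    return "\n".join(rows)


if __name__ == "__main__":
    evs = collect_events()
    print(render(bucket(evs)))
    print("addresses seen in more than one source:", shared_ips(evs))
```

Running the script prints one row per five-minute window and source; the burst of failed logins in the 10:00 window, the accepted login and the `/admin` request in the 10:05 window, and the single address common to both logs are visible at a glance, which is the kind of cross-source pattern a timeline view is meant to surface. Real investigations must also reconcile time zones and clock skew between hosts before events from different sources can be placed on a shared axis; the example assumes both logs are already in the same zone.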
Haggerty, J., & Hughes-Roberts, T. (2014). Visualization of system log files for post-incident analysis and response. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8533 LNCS, pp. 23–32). Springer Verlag. https://doi.org/10.1007/978-3-319-07620-1_3