Skip to content

Visualization of system log files for post-incident analysis and response

Citations of this article
Mendeley users who have this article in their library.

This artice is free to access.


Post-incident analysis of a security event is a complex task due to the volume of data that must be assessed, often within tight temporal constraints. System software, such as operating systems and applications, provide a range of opportunities to record data in log files about interactions with the computer that may provide evidence during an investigation. Data visualization can be used to aid data set interpretation and improve the ability of the analyst to make sense of information. This paper posits a novel methodology that visualizes data from a range of log files to aid the investigation process. In order to demonstrate the applicability of the approach, a case study of identification and analysis of attacks is presented. © 2014 Springer International Publishing.




Haggerty, J., & Hughes-Roberts, T. (2014). Visualization of system log files for post-incident analysis and response. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8533 LNCS, pp. 23–32). Springer Verlag.

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free