October 29, 2016
Categorised in: Computer Forensic & Cyber Applications
Attribution is a major goal and log files can record which account was used to access a system at a given time.
User accounts allow two forms of access to computers interactive login and access to shared resources.
Both forms of access can significantly expand the pool of suspects in an investigation.
If illegal materials are found on a computer, individuals with legitimate access to the computer are the obvious suspects.
However, there is the possibility that someone gained unauthorized access to the computer and stored illegal materials on the disk.
Similarly, if secret information is stolen from a computer system or a computer is used to commit a crime, it is possible that someone gained unauthorized access to the computer.
Modern Windows operating systems store log files in the “%systemroot%\system32\ config\” folder (most commonly “c:\winnt\system32\config\”) .
However, a new log format was introduced in Windows Vista along with different event identifiers.