CN116450885A - A data reconstruction method for Windows event log files - Google Patents
A data reconstruction method for Windows event log files
- Publication number: CN116450885A
- Authority: CN (China)
- Prior art keywords: event, windows, information, file, data
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/80—Information retrieval; Database structures therefor; File system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
- G06F16/84—Mapping; Conversion
- G06F16/86—Mapping to a database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/80—Information retrieval; Database structures therefor; File system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
- G06F16/84—Mapping; Conversion
- G06F16/88—Mark-up to mark-up conversion
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310112341.7A CN116450885B (zh) | 2023-02-14 | 2023-02-14 | A data reconstruction method for Windows event log files |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310112341.7A CN116450885B (zh) | 2023-02-14 | 2023-02-14 | A data reconstruction method for Windows event log files |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116450885A true CN116450885A (zh) | 2023-07-18 |
CN116450885B CN116450885B (zh) | 2024-05-03 |
Family ID: 87134411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310112341.7A Active CN116450885B (zh) | 2023-02-14 | 2023-02-14 | A data reconstruction method for Windows event log files |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116450885B (zh) |
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6158019A (en) * | 1996-12-15 | 2000-12-05 | Delta-Tek Research, Inc. | System and apparatus for merging a write event journal and an original storage to produce an updated storage using an event map |
US20040254919A1 (en) * | 2003-06-13 | 2004-12-16 | Microsoft Corporation | Log parser |
KR100857036B1 (ko) * | 2007-04-20 | 2008-09-05 | NTELS Co., Ltd. | Failure recovery method using transaction log files in a billing system, and apparatus therefor |
US20080256142A1 (en) * | 2007-04-10 | 2008-10-16 | Apertio Limited | Journaling in network data architectures |
US20110040733A1 (en) * | 2006-05-09 | 2011-02-17 | Olcan Sercinoglu | Systems and methods for generating statistics from search engine query logs |
US8086650B1 (en) * | 2007-06-15 | 2011-12-27 | Ipswitch, Inc. | Method for transforming and consolidating fields in log records from logs generated on different operating systems |
US8918371B1 (en) * | 2014-05-27 | 2014-12-23 | Flexera Software Llc | Systems and methods for event log compensation |
CN106371953A (zh) * | 2015-07-22 | 2017-02-01 | OptumSoft, Inc. | Compact binary event log generation |
CN106789195A (zh) * | 2016-12-02 | 2017-05-31 | Huawei Technologies Co., Ltd. | Event processing method, network management device and server |
US20200136938A1 (en) * | 2018-10-31 | 2020-04-30 | Salesforce.Com, Inc. | Generating events from host based logging for consumption by a network logging host |
CN113569234A (zh) * | 2021-06-17 | 2021-10-29 | Nanjing University | Visual forensic system for Android attack scenario reconstruction and implementation method |
US20220066998A1 (en) * | 2020-08-26 | 2022-03-03 | Vmware, Inc. | Methods and systems that identify computational-entity transactions and corresponding log/event-message traces from streams and/or collections of log/event messages |
CN114915479A (zh) * | 2022-05-18 | 2022-08-16 | Institute of Information Engineering, Chinese Academy of Sciences | Web attack stage analysis method and system based on Web logs |
CN115129494A (zh) * | 2022-08-31 | 2022-09-30 | Zhejiang University of Technology | Event log collection method and system based on the Windows kernel |
Non-Patent Citations (6)
Title |
---|
HEMDAN et al.: "Spark-based log data analysis for reconstruction of cybercrime events in cloud environment", 2017 INTERNATIONAL CONFERENCE ON CIRCUIT, POWER AND COMPUTING TECHNOLOGIES (ICCPCT), 21 April 2017 (2017-04-21), pages 1 - 8, XP033228921, DOI: 10.1109/ICCPCT.2017.8074209 * |
SOLTANI S et al.: "A formal model for event reconstruction in digital forensic investigation", DIGITAL INVESTIGATION, 30 September 2019 (2019-09-30), pages 148 - 160 * |
ZHOU Jianhua: "A forensic model based on log correlation analysis", Computer Era, no. 10, 2 October 2007 (2007-10-02), pages 28 - 30 * |
TANG Xinyu: "Design and implementation of a network security log visual forensic analysis system", China Master's Theses Full-text Database, Information Science and Technology, no. 08, 15 August 2018 (2018-08-15), pages 1 - 64 * |
LOU Yongjian; WANG Peng: "Research and implementation of a carving method for Windows Vista system logs", Journal of Hangzhou Dianzi University, no. 01, 15 February 2011 (2011-02-15), pages 58 - 61 * |
WANG Wei; YANG Yongchuan: "Format analysis and data recovery of Windows Vista system log files", Computer Security, no. 04, 15 April 2009 (2009-04-15), pages 122 - 125 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117742782A (zh) * | 2024-02-19 | 2024-03-22 | Chengdu Jiuzhou Electronic Information System Co., Ltd. | Cross-language automatic log data recording method and system for software systems |
CN117742783A (zh) * | 2024-02-19 | 2024-03-22 | Chengdu Jiuzhou Electronic Information System Co., Ltd. | Cross-language automatic log data recording method for software systems |
CN117742783B (zh) * | 2024-02-19 | 2024-06-07 | Chengdu Jiuzhou Electronic Information System Co., Ltd. | Cross-language automatic log data recording method for software systems |
CN117742782B (zh) * | 2024-02-19 | 2024-06-11 | Chengdu Jiuzhou Electronic Information System Co., Ltd. | Cross-language automatic log data recording method and system for software systems |
Also Published As
Publication number | Publication date |
---|---|
CN116450885B (zh) | 2024-05-03 |
Similar Documents
Publication | Title |
---|---|
CN116450885B (zh) | A data reconstruction method for Windows event log files |
CN108664375B (zh) | Method for detecting abnormal behaviour of users of a computer network system |
Cohen et al. | Capturing, indexing, clustering, and retrieving system history |
US9047269B2 (en) | Modeling interactions with a computer system |
US8554740B2 (en) | Recording a log of operations |
Aharon et al. | One graph is worth a thousand logs: Uncovering hidden structures in massive system event logs |
CN103888490A (zh) | Fully automatic method for human/machine identification of web clients |
US10652255B2 (en) | Forensic analysis |
CN108040045B (zh) | Access traffic file generation method, apparatus, server and storage medium |
JP5102556B2 (ja) | Log analysis support apparatus |
CN110737639A (zh) | Audit log method, apparatus, computer device and storage medium |
US7451145B1 (en) | Method and apparatus for recursively analyzing log file data in a network |
Barakat et al. | Windows forensic investigations using powerforensics tool |
JP5102555B2 (ja) | Log analysis support apparatus |
CN114422341B (zh) | Industrial control asset identification method and system based on fingerprint features |
CN111817867A (zh) | Method and system for collaborative analysis of multiple logs in a distributed environment |
Kävrestad et al. | Collecting Data |
US11755430B2 (en) | Methods and systems for storing and querying log messages using log message bifurcation |
JP2007200047A (ja) | Access log display system and method |
JP5061316B1 (ja) | Communication packet analysis apparatus |
CN111459756A (zh) | Log processing method and related device |
KR102600770B1 (ko) | Open-source information forensic system that automatically generates link information between open-source information and snapshots, and operating method thereof |
Adegbehingbe et al. | Improved Decay Tolerant Inference of Previously Uninstalled Computer Applications |
KR102518107B1 (ko) | Open-source information forensic system and operating method thereof |
CN117312175B (zh) | Data processing method, apparatus, computer device and storage medium |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40087946; Country of ref document: HK |
CB02 | Change of applicant information | Address after: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen, Fujian Province, 361000; Applicant after: Xiamen xingbaibang Technology Co.,Ltd.; Address before: 363, unit 3, Yicheng street, Xiamen, Fujian Province; Applicant before: Xiamen xingbaibang Technology Co.,Ltd. |
CB02 | Change of applicant information | Country or region after: China; Address after: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen City, Fujian Province, 361000 (legal document delivery address); Applicant after: Xiamen xingbaibang Technology Co.,Ltd.; Address before: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen, Fujian Province, 361000; Applicant before: Xiamen xingbaibang Technology Co.,Ltd.; Country or region before: China |
GR01 | Patent grant | |