CN116450885B - A data reconstruction method for Windows event log files (一种Windows事件日志文件的数据重构方法) - Google Patents
- Publication number: CN116450885B (application CN202310112341.7A)
- Authority: CN (China)
- Prior art keywords: event, windows, file, data, files
- Legal status: Active (Google notes that the listed legal status is an assumption, not a legal conclusion, and that it has performed no legal analysis)
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F16/00—Information retrieval; Database structures therefor; File system structures therefor > G06F16/80—Information retrieval of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML > G06F16/84—Mapping; Conversion > G06F16/86—Mapping to a database
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F16/00—Information retrieval; Database structures therefor; File system structures therefor > G06F16/80—Information retrieval of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML > G06F16/84—Mapping; Conversion > G06F16/88—Mark-up to mark-up conversion
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE > Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310112341.7A CN116450885B (zh) | 2023-02-14 | 2023-02-14 | A data reconstruction method for Windows event log files |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116450885A (zh) | 2023-07-18 |
CN116450885B (zh) | 2024-05-03 |
Family
ID=87134411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310112341.7A Active CN116450885B (zh) | A data reconstruction method for Windows event log files | 2023-02-14 | 2023-02-14 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116450885B (zh) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6158019A (en) * | 1996-12-15 | 2000-12-05 | Delta-Tek Research, Inc. | System and apparatus for merging a write event journal and an original storage to produce an updated storage using an event map |
KR100857036B1 (ko) * | 2007-04-20 | 2008-09-05 | NTELS Co., Ltd. | Method and apparatus for fault recovery using a transaction log file in a billing system |
US8086650B1 (en) * | 2007-06-15 | 2011-12-27 | Ipswitch, Inc. | Method for transforming and consolidating fields in log records from logs generated on different operating systems |
US8918371B1 (en) * | 2014-05-27 | 2014-12-23 | Flexera Software Llc | Systems and methods for event log compensation |
CN106371953A (zh) * | 2015-07-22 | 2017-02-01 | OptumSoft, Inc. | Compact binary event log generation |
CN106789195A (zh) * | 2016-12-02 | 2017-05-31 | Huawei Technologies Co., Ltd. | Event processing method, network management device and server |
CN113569234A (zh) * | 2021-06-17 | 2021-10-29 | Nanjing University | Visual forensics system for Android attack scenario reconstruction and implementation method |
CN114915479A (zh) * | 2022-05-18 | 2022-08-16 | Institute of Information Engineering, Chinese Academy of Sciences | Web attack stage analysis method and system based on Web logs |
CN115129494A (zh) * | 2022-08-31 | 2022-09-30 | Zhejiang University of Technology | Windows-kernel-based event log collection method and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040254919A1 (en) * | 2003-06-13 | 2004-12-16 | Microsoft Corporation | Log parser |
US8126874B2 (en) * | 2006-05-09 | 2012-02-28 | Google Inc. | Systems and methods for generating statistics from search engine query logs |
US20080256142A1 (en) * | 2007-04-10 | 2008-10-16 | Apertio Limited | Journaling in network data architectures |
US11190420B2 (en) * | 2018-10-31 | 2021-11-30 | Salesforce.Com, Inc. | Generating events from host based logging for consumption by a network logging host |
US20220066998A1 (en) * | 2020-08-26 | 2022-03-03 | Vmware, Inc. | Methods and systems that identify computational-entity transactions and corresponding log/event-message traces from streams and/or collections of log/event messages |
Family history
- 2023-02-14: CN application CN202310112341.7A, patent CN116450885B (zh), status Active
Non-Patent Citations (6)
Title |
---|
Soltani S et al. A formal model for event reconstruction in digital forensic investigation. Digital Investigation, 2019-09-30, 148-160 * |
Hemdan et al. Spark-based log data analysis for reconstruction of cybercrime events in cloud environment. 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2017, 1-8 * |
Wang Wei, Yang Yongchuan. Windows Vista system log file format analysis and data recovery. Computer Security (计算机安全), 2009-04-15, No. 04, 122-125 * |
Lou Yongjian, Wang Peng. Research and implementation of a Windows Vista system log carving method. Journal of Hangzhou Dianzi University (杭州电子科技大学学报), 2011-02-15, No. 01, 58-61 * |
Zhou Jianhua. A forensic model based on log correlation analysis. Computer Era (计算机时代), 2007-10-02, No. 10, 28-30 * |
Tang Xinyu. Design and implementation of a network security log visual forensic analysis system. China Master's Theses Full-text Database, Information Science and Technology Series (中国优秀硕士学位论文全文数据库·信息科技辑), 2018-08-15, No. 08, 1-64 * |
Also Published As
Publication number | Publication date |
---|---|
CN116450885A (zh) | 2023-07-18 |
Similar Documents
Publication | Title |
---|---|
CN108664375B (zh) | Method for detecting abnormal behavior of users of a computer network system |
US9633106B1 (en) | Log data analysis |
Cohen et al. | Capturing, indexing, clustering, and retrieving system history |
US8554740B2 (en) | Recording a log of operations |
Aharon et al. | One graph is worth a thousand logs: Uncovering hidden structures in massive system event logs |
US20070100994A1 (en) | Modeling Interactions with a Computer System |
US20140013302A1 (en) | Log configuration of distributed applications |
CN103888490A (zh) | Fully automatic human-machine identification method for web clients |
US7908239B2 (en) | System for storing event data using a sum calculator that sums the cubes and squares of events |
CN111638908A (zh) | Interface document generation method, apparatus, electronic device and medium |
CN108040045B (zh) | Method, apparatus, server and storage medium for generating access traffic files |
JP5102556B2 (ja) | Log analysis support device |
US7451145B1 (en) | Method and apparatus for recursively analyzing log file data in a network |
CN116450885B (zh) | A data reconstruction method for Windows event log files |
Barakat et al. | Windows forensic investigations using powerforensics tool |
JP5102555B2 (ja) | Log analysis support device |
CN114422341B (zh) | Industrial control asset identification method and system based on fingerprint features |
JP2007200047A (ja) | Access log display system and method |
Margulies | A developer's guide to audit logging |
JP5061316B1 (ja) | Communication packet analysis device |
CN111459756A (zh) | Log processing method and related device |
CN117312175B (zh) | Data processing method, apparatus, computer device and storage medium |
Kävrestad et al. | Collecting Data |
Good | AutoProv: An Automated File Provenance Collection Tool |
JP5069057B2 (ja) | Log analysis support device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40087946; Country of ref document: HK |
| CB02 | Change of applicant information | Address after: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen, Fujian Province, 361000; Applicant after: Xiamen xingbaibang Technology Co.,Ltd.; Address before: 363, unit 3, Yicheng street, Xiamen, Fujian Province; Applicant before: Xiamen xingbaibang Technology Co.,Ltd. |
| CB02 | Change of applicant information | Country or region after: China; Address after: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen City, Fujian Province, 361000 (legal document delivery address); Applicant after: Xiamen xingbaibang Technology Co.,Ltd.; Address before: Unit 703, F14 Building, No. 1110 Jimei North Avenue, Software Park Phase III, Xiamen Torch High tech Zone, Xiamen, Fujian Province, 361000; Applicant before: Xiamen xingbaibang Technology Co.,Ltd.; Country or region before: China |
| GR01 | Patent grant | |