A Forensic Web Log Analysis Tool: Techniques and Implementation

Fry, Ann (2011) A Forensic Web Log Analysis Tool: Techniques and Implementation. Masters thesis, Concordia University.

PDF (A Forensic Web Log Analysis Tool: Techniques and Implementation Final Version PDF/A format) - Accepted Version
4Mb

Abstract

Methodologies presently in use to perform forensic analysis of web applications are decidedly lacking. Although the number of log analysis tools available is exceedingly large, most only employ simple statistical analysis or rudimentary search capabilities. More precisely, these tools were not designed to be forensically capable. The threat of online assault, the ever-growing reliance on the performance of necessary services conducted online, and the lack of efficient forensic methods in this area provide a background outlining the need for such a tool. The culmination of study emanating from this thesis not only presents a forensic log analysis framework, but also outlines an innovative methodology of analyzing log files based on a concept that uses regular expressions, and a variety of solutions to problems associated with existing tools. The implementation is designed to detect critical web application security flaws gleaned from event data contained within the access log files of the underlying Apache Web Service (AWS).

Of utmost importance to a forensic investigator or incident responder is the generation of an event timeline preceding the incident under investigation. Regular expressions power the search capability of our framework by enabling the detection of a variety of injection-based attacks that represent significant timeline interactions. The knowledge of the underlying event structure of each access log entry is essential to efficiently parse log files and determine timeline interactions. Another feature added to our tool includes the ability to modify, remove, or add regular expressions. This feature addresses the need for investigators to adapt the environment to include investigation-specific queries along with suggested default signatures. The regular expressions are signature definitions used to detect attacks toward both applications whose functionality requires a web service and the service itself. The tool provides a variety of default vulnerability signatures to scan for and outputs resulting detections.
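The approach the abstract describes (parse each Apache access log entry by its known event structure, URL-decode the request, run an investigator-editable set of regular-expression signatures over it, and emit the detections as a time-ordered timeline) can be sketched as follows. This is an added illustration, not code from the thesis; the combined-log pattern, the default signature set and the sample log lines are all assumed or constructed here.

```python
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Event structure of an Apache "combined" access log entry (assumed format;
# the thesis's own parser is not reproduced here).
ACCESS_LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Default signature set. Investigators pass their own dict to build_timeline()
# to add, modify or remove signatures for a specific investigation.
DEFAULT_SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<script\b|javascript:", re.I),
    "traversal": re.compile(r"(\.\./){2,}"),
}

# Constructed sample entries (RFC 5737 documentation addresses), deliberately
# out of chronological order so the timeline sort is visible.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2011:13:57:02 -0400] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2011:13:56:10 -0400] "GET /login.php?user=admin%27+OR+1%3D1-- HTTP/1.1" 200 1043 "-" "curl/7.21"',
    '198.51.100.7 - - [10/Oct/2011:13:58:45 -0400] "GET /img?f=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 209 "-" "curl/7.21"',
]

def parse_entry(line):
    """Split one access log line into its fields; None if it does not fit."""
    m = ACCESS_LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    # Signatures run on the decoded request so %-encoding cannot hide a match.
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec

def build_timeline(lines, signatures=DEFAULT_SIGNATURES):
    """Return (time, host, signature, raw_path) detections sorted by time."""
    hits = []
    for line in lines:
        rec = parse_entry(line)
        if rec is None:
            continue  # unparseable line: not a timeline interaction
        for name, sig in signatures.items():
            if sig.search(rec["decoded_path"]):
                hits.append((rec["time"], rec["host"], name, rec["path"]))
    return sorted(hits)

if __name__ == "__main__":
    for t, host, name, path in build_timeline(SAMPLE_LOG):
        print(f"{t.isoformat()} {host} {name} {path}")
```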

Divisions: Concordia University > Faculty of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Fry, Ann
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 30 July 2011
Thesis Supervisor(s): Debbabi, Mourad
Keywords: Forensics, Log Analysis
ID Code: 7769
Deposited By: Ann Fry
Deposited On: 17 Nov 2011 14:04
Last Modified: 04 Jan 2012 15:25
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.