Log File Recovery

For a computer forensics professional, recovering log files is an important task. Much of computer forensics depends on log files, so it is worth discussing why they matter. Log files are files created by the user's operating system whenever a task is performed. From the moment the operating system starts and loads the user's personal settings, a "Big Brother" kernel is responsible for monitoring the user's activities. Log files are the system files that provide information about those activities, and they contain date and time stamps that record when each activity took place.

If the computer criminal is intelligent enough not to leave any evidence, he may also delete or corrupt the log files. Log files are important not only in the investigation but, even more so, in proving the point in a court of law. Whatever the truth may be, evidence matters a great deal in court. Hence log files play an important role in determining the fate of the computer criminal. If the log files are lost, a data recovery process should be initiated to recover them.

Log files are created not only by the operating system but by other application software as well. For example, database application software requires a mandatory login with a password prompt. Database applications are designed to record the user's activities in a simple text file, which helps in tracking the changes made to the database. Most log files are stored in text format.

If the computer administrator is clever enough to employ a key logger program, the task of the computer forensics professional becomes much simpler. The professional scans the contents of the key logger's text file to read the information entered and the actions carried out by the user. A key logger program works by storing each keystroke from the keyboard in a text file. A disadvantage is that, because every keystroke is recorded, the forensics professional is left to study a large amount of mostly irrelevant information.

In some cases the log files may be in an encrypted format. The computer forensics professional should be well versed in the techniques involved and in the different types of log files, because he will be required to decrypt the encrypted ones.

There are also hardware key loggers that can be used to record the information. An example is the 'KeyGhost' key logger, a small device that can store some 5 megabytes of data in text format. It is connected between the keyboard and the computer.

Log files play an important role in tracking down the culprit of a computer crime. If they are lost and cannot be recovered, the task of the computer forensics expert becomes very difficult. Hence the utmost care must be taken to preserve the log files without tampering with the data in them.
Copyright © 2006 ComputerForensics1. All Rights Reserved. www.computerforensics1.com