The log refers to some operations of certain objects and their operating results, according to the time order. Each log file consists of log records which describe every single systematic event It is valuable to find out how to search for effective computer evidence by making full use of logs in the computer forensics field. This paper analyzes the important role of log files and log analysis in computer forensics, and reviews the basic and correlating analytic methods for log analysis, and points out the directions for log analysis development.%日志是指系统所指定对象的某些操作和其操作结果按时问有序的集合,每个日志文件由日志记录组成,每条日志记录描述了一次单独的系统事件,如何充分利用日志发掘有效的计算机证据,是计算机取证研究领域中一个重要的问题.本文分析了日志文件及日志分析在计算机取证中的重要作用,综述了日志分析的基本方法和关联分析方法,指出日志分析技术的发展方向.
展开▼
