Efficiency of Network Event logs as Admissible Digital Evidence
Author(s)
Date Issued
2015-07-30
Date Available
2015-07-30T03:00:12Z
Abstract
The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators to analyze and use to detect and verify malicious activities. Research in the area of network forensics is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing event correlation models. In this paper we introduce and examine a new network forensics model that makes network event logs admissible in a court of law. The idea of our model is to collect available logs from connected network devices and then apply Support Vector Machines (SVMs) in order to filter out anomaly intrusion, and re-route these logs to a central repository where event-log management functions are applied.
Sponsorship
Science Foundation Ireland
Type of Material
Conference Publication
Start Page
1257
End Page
1265
Copyright (Published Version)
2015 IEEE
Web versions
Language
English
Status of Item
Peer reviewed
Conference Details
2015 Science and Information Conference, London, United Kingdom, 28-30 July 2015
This item is made available under a Creative Commons License
File(s)
Name
insight_publication.pdf
Size
530.95 KB
Format
Adobe PDF
Checksum (MD5)
f5ad3815a6f09d4a28064d0e2da44ae4