DIGITAL FORENSIC ANALYSIS OF SYSTEM ACCESS ACTIVITY USING SERVER LOGS
DOI:
10.5281/zenodo.21338090Published:
2026-07-13Downloads
Abstract
This study examines how server log data can be utilized as digital evidence through a structured forensic analysis approach. The proposed framework integrates multiple log sources, including authentication, system, application, and network logs, to reconstruct system access activities. The proposed method applies rule-based correlation and statistical thresholding to detect anomalies across multi-source logs. Experimental results based on 247,318 log entries indicate that the proposed approach achieves a detection rate of 94.7% with a false positive rate of 3.2%. The analysis identifies multiple categories of security threats, including brute force attacks, privilege escalation, data exfiltration, and forensic trace obfuscation.
Keywords:
Digital Forensics Log Analysis Intrusion Detection Log Correlation CybersecurityReferences
[1] H. Studiawan, F. Sohel, and C. Payne, "A survey on forensic investigation of operating system logs," Digital Investigation, vol. 28, pp. S70–S82, 2019. DOI: https://doi.org/10.1016/j.diin.2019.02.005
[2] M. Debbabi et al., "Analyzing multiple logs for forensic evidence," Digital Investigation, vol. 4, no. 3–4, pp. 137–147, 2007. DOI: https://doi.org/10.1016/j.diin.2007.06.013
[3] F. Cuppens, N. Cuppens-Boulahia, and T. Sans, "Forensic analysis of logs: Modeling and verification," Knowledge-Based Systems, vol. 20, no. 7, pp. 615–630, 2007. DOI: https://doi.org/10.1016/j.knosys.2007.05.002
[4] S. Zawoad and R. Hasan, "Towards building a cloud forensics logging framework," Journal of Information Security and Applications, vol. 38, pp. 125–137, 2018. DOI: https://doi.org/10.1016/j.jisa.2018.07.008
[5] M. Pavlidis et al., "Digital forensics cloud log unification," Journal of Information Security and Applications, vol. 54, 2020. DOI: https://doi.org/10.1016/j.jisa.2020.102555
[6] M. Hirano et al., "LogDrive: A proactive data collection framework for digital forensics in cloud environments," Journal of Cloud Computing, vol. 7, no. 1, 2018. DOI: https://doi.org/10.1186/s13677-018-0119-2
[7] J. Oh et al., "Forensic detection of timestamp manipulation in digital systems," IEEE Access, vol. 12, 2024. DOI: https://doi.org/10.1109/ACCESS.2024.3395644
[8] M. Behl and K. Behl, "Cybersecurity and cyberwar: What everyone needs to know," Oxford University Press, 2017. DOI: https://doi.org/10.1093/wentk/9780198792265.001.0001
[9] B. Carrier and E. H. Spafford, "Getting physical with the digital investigation process," International Journal of Digital Evidence, vol. 2, no. 2, 2003.
[10] K. Kent et al., "Guide to integrating forensic techniques into incident response," NIST Special Publication 800-86, 2006. DOI: https://doi.org/10.6028/NIST.SP.800-86
[11] E. Casey, "Digital Evidence and Computer Crime," 3rd ed., Academic Press, 2011. DOI: https://doi.org/10.1016/C2009-0-64001-0
[12] R. Behl and S. Behl, "Cybersecurity analytics: a stochastic model for security events detection," IEEE, 2016. DOI: https://doi.org/10.1109/ICCSS.2016.7586394
[13] M. A. Ferrag et al., "Deep learning for cyber security intrusion detection: approaches and datasets," Future Generation Computer Systems, vol. 109, pp. 121–140, 2020. DOI: https://doi.org/10.1016/j.future.2020.02.002
[14] W. Lee and S. J. Stolfo, "Data mining approaches for intrusion detection," USENIX Security Symposium, 1998.
[15] R. Sommer and V. Paxson, "Outside the closed world: On using machine learning for network intrusion detection," IEEE Symposium on Security and Privacy, 2010. DOI: https://doi.org/10.1109/SP.2010.25
License
Copyright (c) 2026 Avram Fadhilah, Hendra Gunawan

This work is licensed under a Creative Commons Attribution 4.0 International License.




