Methods for Using Intrusion Logs to Establish Criminal Evidence Against Intruders

The admissible rate of criminal evidence against intruders has continued to generate classical arguments because the reports extracted from intrusion lo gs are often disputed in many courts of law. Besides, forensic experts still spend excessive resources to prepare reports for litigation before intruders can be charged. Thus, we propose Forenlog Analyzer to lessen the aforementioned problems. The pattern of attacks in an intrusion log is partitioned into sixty subgroups according to the values held in the timestamp of the evidence and the overall uncertainty of the pattern is subsequently computed. Evaluation illustrates that neither the internal attributes nor the external attributes of attacks are sufficient to litigate intruders in courts of laws in all cases. The results further demonstrate that forensic analysts should not just destroy, include or ignore supportive evidence on the basis of their sizes without determine their inherent uncertainty.