Electronic systems, such as computers or groups of computers, often provide log files for storing information related to various computing activities. Log files are conventionally used by processes running on a computer to report events that the processes have performed or detected. In a typical scenario, processes running on a computer obtain timestamps from the computer and append the timestamps to event records written to the log file.
With event records written to a log file in this manner, users can access the log file to view events along a common timeline. For example, users may be able to view the log file to observe sequences of computing events occurring across different portions of a computer.
Forensic analysis tools often employ log files to identify events leading up to and following suspect activity. For example, RSA, the security division of EMC Corporation of Hopkinton, Mass., provides a forensic suite of tools called NetWitness, which, in addition to many other functions, creates log files relating to network activities and analyzes the log files to obtain forensic information about malicious network behavior.
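The two uses described above, a process appending a host-supplied timestamp to each event record and an analyst reconstructing the common timeline around a suspect event, can be shown with a small parser. The following is an added example, not code from the page or from any product it names (NetWitness is not involved); the line layout `<ISO-8601 UTC timestamp> <source> <message>` and the log lines themselves are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Callable, List, NamedTuple, Tuple

# Constructed sample log (assumption: one record per line, timestamp first).
# Several processes append to the same file, so the file order is not
# guaranteed to be chronological; one line is deliberately malformed.
SAMPLE_LOG = """\
2024-01-15T10:00:01Z sshd accepted login for user alice from 10.0.0.5
2024-01-15T10:00:03Z kernel usb device connected
2024-01-15T10:00:05Z app config file rewritten by pid 4321
2024-01-15T10:00:09Z sshd session closed for user alice
2024-01-15T10:00:10Z app service restarted
malformed line without a timestamp
2024-01-15T10:00:02Z app new process spawned pid 4321
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


class Record(NamedTuple):
    timestamp: datetime
    source: str
    message: str


def parse_timestamp(text: str) -> datetime:
    """Parse the timestamp a process obtained from the host clock (UTC)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text: str) -> Tuple[List[Record], int]:
    """Return records ordered along the common timeline plus a count of
    lines that were skipped because they carry no usable timestamp.
    A skipped-line count matters forensically: it is evidence of
    corruption or tampering that the timeline alone would hide."""
    records: List[Record] = []
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1
            continue
        try:
            stamp = parse_timestamp(match.group(1))
        except ValueError:
            skipped += 1
            continue
        records.append(Record(stamp, match.group(2), match.group(3)))
    # Stable sort: records with equal timestamps keep their file order.
    records.sort(key=lambda r: r.timestamp)
    return records, skipped


def events_around(records: List[Record], is_suspect: Callable[[Record], bool],
                  before_s: int, after_s: int) -> List[Record]:
    """Return every record within before_s seconds before and after_s seconds
    after the first record matching is_suspect, across all sources.
    Returns an empty list when nothing matches."""
    anchor = next((r for r in records if is_suspect(r)), None)
    if anchor is None:
        return []
    low = anchor.timestamp - timedelta(seconds=before_s)
    high = anchor.timestamp + timedelta(seconds=after_s)
    return [r for r in records if low <= r.timestamp <= high]


if __name__ == "__main__":
    timeline, bad = parse_log(SAMPLE_LOG)
    print(f"{len(timeline)} records on timeline, {bad} unparseable line(s)")
    window = events_around(timeline,
                           lambda r: "config file rewritten" in r.message,
                           before_s=3, after_s=4)
    for rec in window:
        print(rec.timestamp.isoformat(), rec.source, rec.message)
```

The window function is where the timeline pays off: the suspect `app` event is bracketed by a `kernel` and an `sshd` event that live in other parts of the system, and they line up only because every process drew its timestamp from the same host clock. When records come from several hosts, that assumption no longer holds, and clock skew between them has to be measured and corrected before the merged ordering can be trusted.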