Date of Award
3-14-2014
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Thomas E. Dube, PhD.
Abstract
In practice, organizations with their own information technology infrastructure normally log or otherwise monitor network information at boundary routers and similar network devices that are log-capable. However, not all organizations opt to log local system information, such as an employee's organization-owned workstation activity. This research explores one approach to logging pertinent local system information using multithreading and free software designed for such logging purposes as well as utilities that come with the Microsoft Windows 7 Operating System. Research focuses on file downloads on the local system and combines the aforementioned pieces of software into an event logging suite. The event logging suite consists of four different sensors and utilizes multithreading in an attempt to effectively capture as many pertinent events as possible, with the ultimate goal of capturing 100% of the events in chronological order of actual occurrence. Specifically, the event logging suite increases the number of processes and thus threads that two of the four sensors, Windows NETSTAT and tasklist utilities respectively, in the suite execute in order to determine the optimal settings for the two sensors. To add some realism to the experiments, this research implements three different system loads to simulate user activity on the system while a scripted file-download scenario executes and the logging suite actively captures events. Ultimately, the performance accuracies of the NETSTAT and tasklist sensors across numerous tests show that while the sensors can capture above 85% of the expected number of events, neither are capable of consistently achieving this accuracy, even under a low system load.
AFIT Designator
AFIT-ENG-14-M-31
DTIC Accession Number
ADA599680
Recommended Citation
Gallagher, Daniel M., "Analysis of Effects of Sensor Multithreading to Generate Local System Event Timelines" (2014). Theses and Dissertations. 601.
https://scholar.afit.edu/etd/601
Comments
Not to be confused with Daniel Gallagher (M.S., 2009). https://scholar.afit.edu/etd/2479