AUDIT TRAIL

PRESENTED BY : RITIKA NAIR 1020054 SHREYA MEHTA 1020055

WHAT IS AUDIT TRAIL ????

 Audit trail or audit log is a chronological sequence

of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function.
 Webopedia defines an audit trail as "a record

showing who has accessed a computer system and what operations he or she has performed during a given period of time."

BENEFITS AND OBJECTIVES:

 INDIVIDUAL ACCOUNTABILITY  RECONSTRUCTION OF EVENT

- OPERATOR INDUCED ERRORS - SYSTEM INDUCED ERRORS

 INTRUSION DETECTION  PROBLEM ANALYSIS  FLEXIBILITY

TYPES OF AUDIT TRAILS

 System-level audit trail  Application-level audit trail  User audit trail

AUDIT RECORDS
 A system can maintain several different audit trails concurrently. There are typically two kinds of audit records, 

(1) An event-oriented log Event-based logs usually contain records describing system events, application events, or user events. (2) a record of every keystroke, often called keystroke monitoring.

REVIEW OF AUDIT TRAILS

 Audit Trail Review After an Event  Periodic Review of Audit Trail Data  Real-Time Audit Analysis

TOOLS OF AUDIT TRAILS

Many types of tools have been developed to help to reduce the amount of information contained in audit records, as well as to distill useful information from the raw data. They are ..-:
(a) Audit reduction tools (b) Trends/variance-detection tools (c) Attack signature-detection tools

COST CONSIDERATIONS INVOLVED

1. SYSTEM AND ADDITIONAL SYSTEM

2. HUMAN AND MACHINE TIME

3. COST OF INVESTIGATING ANOMALOUS EVENTS