Bayyinah, A Log Analysis Forensics Tool

As internet attacks continue to increase, organizations need a security product that can predict attacks before they occur. One way to predict such attacks is by performing a comprehensive analysis of data logs. Log files contain information that is useful to any organization for auditing, but on the other hand, logs are among the earliest data sources that specialists check when an attack occurs. It is common for log analysis to rely on queries based on relational databases which are inefficient especially as the size of stored logs is considered big data. Our framework will utilize tools for storing, indexing and querying big data. On this paper, we propose to build a data mining engine to detect abnormal/suspicious activities from the processed logs. The analysis will be easily visualized through a graphical user interface for digital forensics investigations.