RECONYMOUS – An Open-Source User Activity Monitoring/Timeline Solution
Abstract
Reconymous concentrates on endpoint detection and analysis based on user activity and the log data already available on the corresponding Windows machine(s). It is a file-forensics tool that gives the analyst a visual timeline of every access, modification or deletion of user files and system files. The questions a security analyst most often has to answer are when a system was compromised, which files were modified, by whom, by which process, and at what time. Reconstructing this by hand takes hours of manual effort, and sometimes the trail is lost altogether. Commercial EDR products do capture this data, but at a cost that puts them out of reach of MSMEs and SMMEs. They also depend on an agent installed on the endpoint, which a user can simply remove and a malicious program can corrupt or disable. Reconymous instead relies on the operating system's own logs: the system-generated logs are collected and the resulting forensic data is made available, in a fully open-source solution, for review, audit or investigation.
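The abstract describes the core operation but not the log source. The example below, added here and not code from the Reconymous project, shows one way to build the who / which process / which file / when timeline from system-generated logs alone, assuming the Windows Security log with object-access auditing enabled (Event ID 4663, "An attempt was made to access an object", and Event ID 4660, "An object was deleted"). Whether Reconymous uses these particular events is an assumption; the event records are constructed for the example, not real captures.

```python
"""Per-file activity timeline from Windows Security object-access events.

Added example (not Reconymous code).  Assumes the Windows Security log with
file-system auditing enabled: 4663 = object accessed, 4660 = object deleted.
The sample records at the bottom are constructed for this example.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Namespace used by Windows event XML (Get-WinEvent ... | .ToXml()).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# AccessMask bits of a 4663 event that matter for a file timeline.
ACCESS_BITS = {
    0x1: "read",           # FILE_READ_DATA
    0x2: "write",          # FILE_WRITE_DATA
    0x4: "append",         # FILE_APPEND_DATA
    0x10000: "delete-right",  # DELETE right requested on the handle
}


@dataclass(frozen=True)
class Activity:
    when: str
    user: str
    process: str
    path: str
    action: str


def _data(event, name):
    """Read one <Data Name="..."> field from the EventData section."""
    node = event.find(f"e:EventData/e:Data[@Name='{name}']", NS)
    return node.text if node is not None and node.text else ""


def build_timeline(xml_events):
    """Return Activity rows in log order.

    A 4660 (deleted) event carries only the HandleId, not the path, so the
    path is recovered by correlating the handle with the most recent 4663
    from the same process.  Without that correlation a deletion shows up
    with no file name.
    """
    timeline = []
    handle_to_path = {}  # (process, handle) -> path
    for raw in xml_events:
        ev = ET.fromstring(raw)
        event_id = ev.find("e:System/e:EventID", NS).text
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        user = _data(ev, "SubjectUserName")
        process = _data(ev, "ProcessName")
        handle = _data(ev, "HandleId")
        if event_id == "4663":
            path = _data(ev, "ObjectName")
            mask = int(_data(ev, "AccessMask"), 16)
            handle_to_path[(process, handle)] = path
            actions = [n for bit, n in ACCESS_BITS.items() if mask & bit]
            for action in actions or ["other"]:
                timeline.append(Activity(when, user, process, path, action))
        elif event_id == "4660":
            path = handle_to_path.get((process, handle), "<unknown handle>")
            timeline.append(Activity(when, user, process, path, "deleted"))
    return timeline


def activity_for(timeline, path):
    """All rows touching one file, the view an analyst asks for first."""
    return [a for a in timeline if a.path == path]


def _event(event_id, when, user, process, handle, **data):
    """Constructed Security-log record in the real event XML layout."""
    fields = dict(SubjectUserName=user, ProcessName=process, HandleId=handle, **data)
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System>'
            f"<EventData>{body}</EventData></Event>")


DOC = r"C:\Users\alice\Documents\report.docx"
# Constructed sample: notepad writes the file, then PowerShell opens it with
# the DELETE right and the object is deleted on that same handle.
SAMPLE_EVENTS = [
    _event(4663, "2020-03-01T10:15:22.000Z", "alice",
           r"C:\Windows\System32\notepad.exe", "0x1a4",
           ObjectName=DOC, AccessMask="0x2"),
    _event(4663, "2020-03-01T10:20:05.000Z", "alice",
           r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           "0x2b0", ObjectName=DOC, AccessMask="0x10000"),
    _event(4660, "2020-03-01T10:20:05.010Z", "alice",
           r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           "0x2b0"),
]

if __name__ == "__main__":
    for row in activity_for(build_timeline(SAMPLE_EVENTS), DOC):
        print(f"{row.when}  {row.user:<8} {row.action:<13} {row.process}")
```

The handle correlation is the detail to watch: audit events for a single delete are split across 4663 (path, but only a requested right) and 4660 (the actual deletion, but only a handle), so a timeline built from either event alone will either miss deletions or show them without a file name.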
Published in:
International Journal of Engineering Research & Technology (IJERT) NCAIT – 2020 (Volume 8)