METHODS FOR AUTOMATING CYBERSECURITY INCIDENT INVESTIGATION BASED ON WINDOWS OPERATING SYSTEM LOGS USING PYTHON TO SUPPORT INFORMATION SECURITY MANAGEMENT
DOI: https://doi.org/10.28925/2663-4023.2026.33.1219
Keywords: operating systems, information security, cyber threats, cybersecurity incidents, programming, information security management, logging, computer forensics, information security risks
Abstract
The article presents an approach to the analysis and visualization of information security risks based on the processing of system and network logs using automation software. An algorithm in Python has been developed that collects, structures and analyses events occurring in the operating system and on network devices in order to detect potentially suspicious activity. The pandas and datetime libraries were used for data processing, as they allow efficient work with large volumes of information and timestamps, and matplotlib was used to visualize the results, giving a visual representation of patterns and anomalies. The algorithm classifies events according to defined criteria of suspicious activity, taking into account their type, frequency and time characteristics. The resulting graphical models allow the level of risk in different segments of the system to be assessed and informed management decisions regarding information security to be made. An experimental verification of the algorithm was carried out on real logs, which confirmed its effectiveness in the early detection of anomalous behaviour and in optimizing monitoring processes. The results of the study emphasize the importance of integrating log analysis and data visualization methods into modern information security management systems. The use of automation software helps minimize the human factor, increase the accuracy of risk assessment and improve the efficiency of responding to threats. The article has practical and scientific significance, as it offers a methodology for building an effective system for monitoring and early warning of cybersecurity incidents.
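As an added illustration of the three classification criteria the abstract describes (event type, frequency and time characteristics), not code from the article: a Python sketch that runs over constructed Windows Security log records, written against the standard library rather than pandas so it needs no extra packages. The failed-logon threshold, the sliding window, the business-hours range and the choice of event IDs are assumptions made for the example.

```python
# Added example, not the article's code. Input rows are constructed; the event
# IDs are the documented Windows Security ones (4625 failed logon, 4624 logon,
# 1102 audit log cleared, 4720 user account created).
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [  # constructed: (TimeCreated, EventID, TargetUser, SourceIP)
    ("2026-01-14 02:10:05", 4625, "admin", "10.0.0.7"),
    ("2026-01-14 02:10:09", 4625, "admin", "10.0.0.7"),
    ("2026-01-14 02:10:14", 4625, "admin", "10.0.0.7"),
    ("2026-01-14 02:10:20", 4625, "admin", "10.0.0.7"),
    ("2026-01-14 02:10:27", 4625, "admin", "10.0.0.7"),
    ("2026-01-14 02:11:00", 4624, "admin", "10.0.0.7"),
    ("2026-01-14 09:30:00", 4624, "olena", "10.0.0.21"),
    ("2026-01-14 11:05:12", 4625, "olena", "10.0.0.21"),
    ("2026-01-14 23:45:00", 1102, "admin", "-"),
]

HIGH_RISK_TYPES = {1102: "audit log cleared", 4720: "user account created"}
BUSINESS_HOURS = (8, 19)  # assumption: 08:00-19:00 is normal working time

def parse(rows):
    """Turn raw rows into (datetime, event_id, user, ip) tuples."""
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), e, u, ip) for t, e, u, ip in rows]

def classify(rows, threshold=5, window=timedelta(minutes=5)):
    """Return findings as (timestamp, rule, detail) tuples in time order."""
    findings = []
    recent = defaultdict(list)  # (user, ip) -> timestamps of recent failed logons
    for ts, eid, user, ip in sorted(parse(rows)):
        # 1. type criterion: events that are suspicious on their own
        if eid in HIGH_RISK_TYPES:
            findings.append((ts, "type", f"{HIGH_RISK_TYPES[eid]} by {user}"))
        # 2. frequency criterion: N failed logons inside a sliding window
        if eid == 4625:
            q = [t for t in recent[(user, ip)] if ts - t <= window] + [ts]
            if len(q) >= threshold:
                findings.append((ts, "frequency", f"{len(q)} failed logons for {user} from {ip}"))
                q = []  # reset so one burst is reported once
            recent[(user, ip)] = q
        # 3. time criterion: successful logon outside business hours
        if eid == 4624 and not BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]:
            findings.append((ts, "time", f"off-hours logon by {user} from {ip}"))
    return findings

def risk_by_rule(findings):
    """Count findings per rule; the input for a per-criterion risk chart."""
    counts = defaultdict(int)
    for _, rule, _ in findings:
        counts[rule] += 1
    return dict(counts)
```

The `risk_by_rule` summary is the kind of aggregate the abstract's matplotlib charts would be drawn from; plotting is left out so the block runs headless.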
Copyright (c) 2026 Орест Полотай, Наталія Кухарська, Артур Ткаченко , Євген Сєдін, Максим Николайчук

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.