A Review of Forensic Artifacts in a Windows 8 Environment
Abstract
Forensic artifacts are bits of information that an operating system records while a user is using a computer system. These bits of data are user/session specific and provide all information regarding the use of a particular application or program, along with the necessary time stamps. A digital forensic investigator needs to be aware of such artifacts in order to perform a legally acceptable, accurate and tool-independent analysis of a questioned system. This paper provides a comprehensive review guide for all forensic artifacts available in a Windows 8 environment. These artifacts supply both conclusive and probative evidence to an investigator and form vital preliminaries of incident response in a digital crime scenario.
Similar resources
A forensic insight into Windows 10 Jump Lists
The records maintained by Jump Lists have the potential to provide a rich source of evidence about users’ historic activity to the forensic investigator. The structure and artifacts recorded by Jump Lists have been widely discussed in various forensic communities since its debut in Microsoft Windows 7. However, this feature has more capabilities to reveal evidence in Windows 10, due to its modi...
A Consistency Study of the Windows Registry
This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented t...
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
A Review on Forensic Investigation Using Windows Registry and Event Log Files
Cyber attacks come in various approaches and forms, either internally or externally. Access from remote machines and spyware are forms of cyber attack that leave an organization susceptible to vulnerability. This paper provides an investigation of illegal activities and potential evidence of cyber attack through studying the registry on Windows 7 and Event Log Files. The aim is to trace the...
Scope of Practice of Forensic Midwifery: An Integrative Review
Background & aim: Forensic midwifery is a new major which has been established in response to the need of endangered women for forensic services and also the lack of service provision in this domain. However, there are ambiguities in the definition of this major and its scope of practice. The present study was conducted to investigate the scope of practice in forensic ...