Windows Registry Forensics: An Imperative Step in Tracking Data Theft via USB Devices
Authors
Abstract
Owing to the increasing pace of crime in the digital world, cyber forensic investigation is becoming a burning topic in the field of information security. The Registry is an important location in a Windows system that contains footprints of user activities and other configuration data, which may be valuable to forensic investigators in collecting potential evidence from the system. This work aims to point out the significance of Registry analysis and attempts to answer why it should be carried out as part of a digital forensic investigation, by demonstrating the role the Registry plays in tracking data theft from a system to external USB devices.

Keywords: Forensics Analysis, Registry Analysis, Tracking Data Theft, USB footprints, Windows Forensics.
Similar resources
Detecting Data Leakage from Pod Slurping Based Attacks on a Windows XP Platform
Time is recognised to be a dimension of paramount importance in computer forensics. In this paper, we report on the potential of identifying past pod slurping type of attacks by constructing a synthetic metric based on information contained in filesystem timestamps. More specifically, by inferring the transfer rate of a file from last access timestamps and correlating that to the characteristic...
A Forensic Analysis of the Windows Registry
This paper will introduce the Microsoft Windows Registry database and explain how critically important a registry examination is to computer forensics experts. In essence, the paper will discuss various types of Registry footprints and delve into examples of what crucial information can be obtained by performing an efficient and effective forensic examination. Many of the Registry keys that a...
A Secure Data Transfer Algorithm for USB Mass Storage Devices to Protect Documents
The Universal Serial Bus (USB) has become the most popular interface standard for hardware connection, and there has been a huge growth in the number of USB peripheral devices. External USB storage devices, in particular, are the most popular applications in the market. Unfortunately, because USB affords high speed data transmission and is extremely convenient to use, many companies have prohibited...
On the detection of pod slurping attacks
Time is recognised to be a dimension of paramount importance in computer forensics. In this paper, we report on the potential of identifying past pod slurping type of attacks by constructing a synthetic metric based on information contained in filesystem timestamps. More specifically, by inferring the transfer rate of a file from last access timestamps and correlating that to the characteristic...
Introduction to Windows Mobile Forensics
Windows Mobile devices are becoming more widely used and can be a valuable source of evidence in a variety of investigations. These portable devices can contain details about an individual’s communications, contacts, calendar, online activities, and whereabouts at specific times. Although forensic analysts can apply their knowledge of other Microsoft operating systems to Windows Mobile devices,...