Messenger Forensics on Windows Vista and Windows 7
نویسندگان
چکیده
The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducted research indicates the evidence found on older file structures, such as Windows XP, as well as outdated versions of Yahoo! Messenger. Several differences were found within the Yahoo Messenger’s registry keys and directory structure on Windows Vista and Windows 7 as compared to Windows XP.
منابع مشابه
Messenger Forensics on Windows Vista and Windows
The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducte...
متن کاملYahoo! Messenger Forensics on Windows Vista and Windows 7
The purpose of this study is to indicate several areas of interest within the Yahoo! Messenger application that are of forensic significance. This study will mainly focus on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. The previously condu...
متن کاملCyber Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista
Analysis of deleted files often provides useful information for the forensic computer examiner. Knowing where to find the deleted files, and how to interpret the metadata associated with the file’s deletion, make up the cornerstone of a successful forensic computer examination. Much like an office trash-can, the Microsoft Windows Recycle Bin is a temporary holding container for files that have ...
متن کاملAcquisition of Network Connection Status Information from Physical Memory on Windows Vista Operating System
A method to extract information of network connection status information from physical memory on Windows Vista operating system is proposed. Using this method, a forensic examiner can extract accurately the information of current TCP/IP network connection information, including IDs of processes which established connections, establishing time, local address, local port, remote address, remote p...
متن کاملImplementing Boot Control for Windows Vista
A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module. However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts...
متن کامل