Research Article

A Review of Forensic Artifacts in a Windows 8 Environment

Published on July 2015 by Mohit Soni, Seema R. Pathak
Innovations in Computing and Information Technology (Cognition 2015)
Foundation of Computer Science USA
COGNITION2015 - Number 4

Mohit Soni, Seema R. Pathak . A Review of Forensic Artifacts in a Windows 8 Environment. Innovations in Computing and Information Technology (Cognition 2015). COGNITION2015, 4 (July 2015), 25-28.

@article{
author = { Mohit Soni, Seema R. Pathak },
title = { A Review of Forensic Artifacts in a Windows 8 Environment },
journal = { Innovations in Computing and Information Technology (Cognition 2015) },
issue_date = { July 2015 },
volume = { COGNITION2015 },
number = { 4 },
month = { July },
year = { 2015 },
issn = 0975-8887,
pages = { 25-28 },
numpages = 4,
url = { /proceedings/cognition2015/number4/21910-2174/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 Innovations in Computing and Information Technology (Cognition 2015)
%A Mohit Soni
%A Seema R. Pathak
%T A Review of Forensic Artifacts in a Windows 8 Environment
%J Innovations in Computing and Information Technology (Cognition 2015)
%@ 0975-8887
%V COGNITION2015
%N 4
%P 25-28
%D 2015
%I International Journal of Computer Applications
Abstract

Forensic artifacts refer to bits of information that an operating system records when a user is using his computer system. These bits of data are user/session specific and provide all information regarding the use of a particular application or program along with the necessary time stamps. A digital forensic investigator needs to be aware of such artifacts in order to perform a legally acceptable, accurate and tool-independent analysis of a questioned system. This paper provides a comprehensive review guide for all forensic artifacts available in a Windows 8 environment. These artifacts supply both conclusive and probative evidence to an investigator and form vital preliminaries of incident response in a digital crime scenario.

Index Terms

Computer Science
Information Sciences

Keywords

Artifacts Digital Forensics Analysis Incident Response Log Files Mac Pathway Probative Evidence Registry Timestamps Windows 8