The role of operating systems in computer forensics

Huebner, Ewa; Henskens, Frans

doi:10.1145/1368506.1368508

Cited by 8 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the forensic analysis of a desktop or laptop, the operating system provides a significant amount of information; the greater part of useful information we require is either generated by or contained within the operating system (Huebner & Henskens, 2008). Access to a particular system or device for forensic analysis could be at one of three levels:…”

Section: Embedded Devices and The Forensic Processmentioning

confidence: 99%

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

Read

Sutherland

Xynos

et al. 2015

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

Embedded devices are becoming ubiquitous in both domestic and commercial environments. Although smartphones, tablets, and video game consoles are all labeled by their primary function, most of these devices offer additional features and are capable of additional interactivity. Given the proprietary nature of such devices in terms of hardware and software and the protection mechanisms incorporated into these systems, it is and will continue to be extremely difficult to use “traditional digital forensics” methodologies to access storage media and acquire data for analysis. This paper examines how consumer law may be stifling research that the forensic community could ultimately depend upon to examine devices

show abstract

Section: Embedded Devices and The Forensic Processmentioning

confidence: 99%

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

Read

Sutherland

Xynos

et al. 2015

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

show abstract

“…change of permission, user logon/logoff etc. The Windows operating system has many places from where evidence can be extracted [14][15].…”

Section: Fig 1: Shows the Interaction Of A Win32 Program With The Evementioning

confidence: 99%

Research Issues on Windows Event Log

Sahoo¹,

Chottray²,

Pattnaiak³

2012

IJCA

View full text Add to dashboard Cite

Due to the rapidly increasing connectivity and dependency over the internet by individuals and corporations to carry out their businesses, security breaches are increasing day by day. Security and privacy are becoming a greater concern for the modern world. The report of loss of critical data, cyber attacks, denial of service attacks, hacking of websites and systems etc. are becoming the headlines in news channels. In this context, log data are very useful as it is used to track the history of an intruder in day to day work and providing evidence for further investigation. Audit log data, which are produced by windows operating systems, are in binary format and are not compatible with the log format of other log sources, which makes the log management very complicated and most challenging. The windows event log stays locally in the host system and the centralization of logging process is not possible due to its distributed design. This paper outlines a brief overview of the various processes involved in the windows event logging environment and stressed to centralize the logging process. This research work implements the Winsyslog server as the central server to centralize the storage of log data and event reporter for translation of windows event log data from binary format to syslog format. The proposed architecture to centralize the storage of log data helps the system administrator in a great way by simplifying the logging process and also enhances the security to log data, which are most important for forensic investigation.

show abstract

“…It stores this activity in some areas such as Windows Registry. Since, the plethora information, such as user accounts, typed URLs, shared network, and run command history, are stored in it [9][10][11][12]. The investigator can extract some useful data relevant to the case under investigation, such as the last accessed web site, the type of plugged in device, and some other data.…”

Section: Introductionmentioning

confidence: 99%

Fuzzy Crime Investigation Framework for Tracking Data Theft based on USB Storage

Neil¹,

Elmogy²,

Riad³

2013

IJCA

View full text Add to dashboard Cite

Since the lives of the persons are on the edge after being convicted in digital crimes. The main goal of digital forensics is to extract accurate evidence which determines whether the convict is guilty or not. The recent challenge is due to the big size of data that the investigator may deal with. These data stored in unnoticeable tiny devices such as USB sticks which may lead to a muddled decision because of the tediousness of the investigation. Fortunately, in Windows Operating systems, all users' transactions are stored in a central point which is known as Windows Registry. It stores all hardware and software configurations, user activities, and transactions. Therefore, digital forensics based on Windows registry is considered as a hot research field. This paper presents a proposed framework for digital crime investigation based on Fuzzy logic. It helps the investigator in the decision making phase about the evidence. This deals with the extracted evidence from relevant Windows Registry keys. Also, tracking the usage of USB devices for data theft was presented. Finally the proposed framework was tested on a simulated case study.

show abstract

The role of operating systems in computer forensics

Cited by 8 publications

References 0 publications

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

Research Issues on Windows Event Log

Fuzzy Crime Investigation Framework for Tracking Data Theft based on USB Storage

Contact Info

Product

Resources

About