Research Article

A Practical Approach for Evidence Gathering in Windows Environment

by J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 5 - Issue 10
Published: August 2010
DOI: 10.5120/948-1326

J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora . A Practical Approach for Evidence Gathering in Windows Environment. International Journal of Computer Applications. 5, 10 (August 2010), 21-27. DOI=10.5120/948-1326

@article{10.5120/948-1326,
  author    = {J.L. Rana and Deepak Singh Tomar and Kaveesh Dashora},
  title     = {A Practical Approach for Evidence Gathering in Windows Environment},
  journal   = {International Journal of Computer Applications},
  year      = {2010},
  volume    = {5},
  number    = {10},
  pages     = {21-27},
  doi       = {10.5120/948-1326},
  publisher = {Foundation of Computer Science (FCS), NY, USA}
}
Abstract

With the increase in Internet technology, cyber-attacks have also increased, and most of the sufferers from these cyber-attacks are novice Windows end users. Windows is more popular due to its ease of use and effective GUI; because the source code of Windows components is unavailable, crime investigation in a Windows environment is a tedious and hectic job for law enforcement agencies. The unsystematic organization of the available sources of evidence in a Windows environment makes the integration of this evidence a difficult task. In this paper a prototype model is developed and implemented to extract the various sources of evidence in a Windows environment. Investigation issues in Windows and Linux environments are also presented.

Index Terms

Computer Science; Information Sciences
Keywords

Log File; Windows Registry Analysis; Operating System Forensics; Windows Event Logs; Evidence Collection
