A Practical Approach for Evidence Gathering in Windows Environment

J.L. Rana; Deepak Singh Tomar; Kaveesh Dashora

Research Article

A Practical Approach for Evidence Gathering in Windows Environment

by J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 5 - Issue 10

Published: August 2010

Authors: J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora

10.5120/948-1326

PDF

J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora . A Practical Approach for Evidence Gathering in Windows Environment. International Journal of Computer Applications. 5, 10 (August 2010), 21-27. DOI=10.5120/948-1326

                        @article{ 10.5120/948-1326,
                        author  = { J.L. Rana,Deepak Singh Tomar,Kaveesh Dashora },
                        title   = { A Practical Approach for Evidence Gathering in Windows Environment },
                        journal = { International Journal of Computer Applications },
                        year    = { 2010 },
                        volume  = { 5 },
                        number  = { 10 },
                        pages   = { 21-27 },
                        doi     = { 10.5120/948-1326 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }

                        %0 Journal Article
                        %D 2010
                        %A J.L. Rana
                        %A Deepak Singh Tomar
                        %A Kaveesh Dashora
                        %T A Practical Approach for Evidence Gathering in Windows Environment%T 
                        %J International Journal of Computer Applications
                        %V 5
                        %N 10
                        %P 21-27
                        %R 10.5120/948-1326
                        %I Foundation of Computer Science (FCS), NY, USA

Abstract

With theincrease in internet technology cyber-attacks have also increased, most of the sufferers from these cyber-attacks are novice windows end users. Windows is more popular due to the ease in use, and effective GUI; due to the unavailability of windows component source code the crime investigations in windows environment is a tedious and hectic job for law enforcement agencies. The unsystematic organization of the available sources of evidence in a windows environment makes the integration of these evidences a difficult task. In this paper a prototype model is developed and implemented to extract the various sources of evidence in windows environment. Investigation issues in Windows and Linux environment are also presented.

References

Huebner, E., and Henskens, F., “The role of operating systems in computer forensics”, SIGOPS Oper. Syst.Rev., 42(3), 1-3., 2008.
“Forensic investigation on Windows Logs,” [Online]. Available: http://www.icranium.com/blog/?p=194 [Accessed: Jun.02, 2010].
“Wikipedia,” [Online]. Available: http://en.wikipedia.org/wiki [Accessed: July.5, 2010].
“Computer Forensics,” US CERT Available www.us-cert.gov/reading_room/forensics.pdf [Accessed: June.10, 2010].
“Forensically interesting spots in the Windows 7, Vista and XP file system and registry,” [Online]. Available: http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots [Accessed: July 5,2010]
AccessData, http://www.accessdata.com/
Guidance Software, http://www.guidancesoftware.com/
Sysinternals,http://technet.microsoft.com/en-us/sysinternals/default.aspx
Dashora, Kaveesh, Tomar, Deepak Singh and Rana, J.L.“A Framework for Windows Forensics”. 2010. The Proceedings of National Conference on Recent Trends & Challenges in Internet Technology (RTCIT – 2010). pp. 167 - 171.

Index Terms

Computer Science

Information Sciences

No index terms available.

Keywords

Log File Windows Registry Analysis Operating System Forensics Windows Event Logs Evidence Collection