TYPES OF DIGITAL FORENSIC ARTIFACTS IN WINDOWS COMPUTERS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.24.221228

Keywords:

cybersecurity; computer forensics; computer digital artifacts; incomplete initial data; Windows; Forensic Triage.

Abstract

Recently, the problem of solving various tasks under a shortage of initial data has become increasingly relevant. This is related to various problems, some of which have arisen and continue to arise as a result of the constant crippling of Ukraine’s economy during the war with the Russian Federation. Both countries have currently entered the “war of attrition” phase. Therefore, there is an objective need to investigate this process and to develop strategies, methods and algorithms for adapting to new conditions in which the initial data base becomes insufficient for solving tasks. Many examples can be given of situations where it is vital to solve tasks despite a lack of resources: for example, distributing 10 body armor vests among 100 soldiers in a company; treating the wounded when medicine is in short supply; or solving information tasks when the necessary data is lacking. We will investigate information tasks related to computer forensics. When a hacked computer is examined, it is necessary to detect the fact of unauthorized access to the software and to analyze its causes and consequences in detail. These tasks have already been largely solved and published. However, the publications reviewed consider cases in which the computer is available and there is enough time for analysis. They also assume that the researcher's qualification is at a correspondingly high level. But what if time, qualifications and the volume of initial data received are insufficient? What should we do, and how? This article is devoted to that situation. It begins a series of articles on the theme “Solving the computer forensics issues in the conditions of incomplete initial data”.




Published

2024-06-26

How to Cite

Bohdanov, O., & Chernihivskyi, I. (2024). TYPES OF DIGITAL FORENSIC ARTIFACTS IN WINDOWS COMPUTERS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(24), 221–228. https://doi.org/10.28925/2663-4023.2024.24.221228