TYPES OF DIGITAL FORENSIC ARTIFACTS IN WINDOWS COMPUTERS
DOI:
https://doi.org/10.28925/2663-4023.2024.24.221228Keywords:
cybersecurity; computer forensics; computer digital artifacts; incomplete initial data; Windows; Forensic Triage.Abstract
Recently, the issue of solving various tasks in conditions of initial data shortage becomes more relevant. It is related to various problems, but some of them have arisen and continue to arise as a result of the constant Ukraine’s economy cripple during the war with Russian Federation. Currently both countries have entered the “war of attrition” phase. Therefore, there is an objective need to investigate this process and develop strategies, methods and algorithms for adaptation to new conditions, when the initial data base becomes insufficient for tasks solving. Many examples can be given when it is vital to solve tasks under the lack of resources. For example, the distribution of 10 body armor vests among 100 soldiers in a company; treatment the wounded under the medicine’s shortage conditions; solving information tasks when there is a lack of the necessary data. We will investigate information tasks related to computer forensics. When a hacked computer is examined, it is necessary to detect the fact of unauthorized access to the software, as well as analyze in detail its causes and consequences. These tasks have already been largely solved and published. But the researched publications consider cases when the computer is available and there is enough time for analysis. It is also considered that the researcher qualification is at a correspondingly high level. But what if there is not enough time, qualifications, and the volume of received initial data? What and how should we do? The article is devoted to the above-mentioned situation. It starts in and does series of articles, arranged in the direction of “Solving the computer forensics issues in the conditions of incomplete initial data”.
Downloads
References
Hintea, D., Bird, R., & Green, M. (2017). An investigation into the forensic implications of the Windows 10 operating system: recoverable artefacts and significant changes from Windows 8.1. International Journal of Electronic Security and Digital Forensics, 9(4). https://doi.org/10.1504/ijesdf.2017.10008013
Rogers, M. K., Goldman, J., Mislan, R., Wedge, T., & Debrota, S. (2006). Computer Forensics Field Triage Process Model. Journal of Digital Forensics, Security and Law, 1(2). https://doi.org/10.15394/jdfsl.2006.1004
Jusas, V., Birvinskas, D., & Gahramanov, E. (2017). Methods and Tools of Digital Triage in Forensic Context: Survey and Future Directions. Symmetry, 9(4). https://doi.org/10.3390/sym9040049
Steam Hardware & Software Survey. (n.d.). Welcome to Steam. https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam
GitHub - Psmths/windows-forensic-artifacts: Handbook of windows forensic artifacts across multiple Windows version with interpretation tips with some examples. (n.d.). GitHub. https://github.com/Psmths/windows-forensic-artifacts
Windows registry for advanced users - Windows Server. (n.d.). Microsoft Learn: Build skills that open doors in your career. https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users
Zimmerman, E. R. (2017). Registry Explorer User manual. https://www.oit.va.gov/Services/TRM/files/ RegistryExplorerManual.pdf
Windows $MFT and NTFS Metadata Extractor Tool. (n.d.). TZWorks LLC (www.tzworks.com) Homepage. https://tzworks.com/prototype_page.php?proto_id=12
Acquiring Memory with Magnet RAM Capture - Magnet Forensics. (n.d.). Magnet Forensics. https://www.magnetforensics.com/blog/acquiring-memory-with-magnet-ram-capture/
Korkmaz, F. (2021). Windows artifacts. Medium. https://r4bb1t.medium.com/windows-artifacts-8fae778aa8c7
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Олександр Богданов , Іван Чернігівський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
