Windows Forensics

Authors

  • Оливера Секулић, Fakultet tehničkih nauka, Author

DOI:

https://doi.org/10.24867/18BE27Sekulic

Keywords:

Windows, digital forensics, digital evidence, Windows forensics

Abstract

This work describes Windows operating system forensics and includes a description of various tools, techniques and methods for examining digital evidence that results from the operating system's activities. In addition, the theoretical foundations of the Windows operating system itself are given. A case study is also described, which covers the process of digital forensics over the described example.

Published

2022-07-09

Issue

Section

Electrotechnical and Computer Engineering