Research Article

A Practical Approach for Evidence Gathering in Windows Environment

by J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 5 - Number 10
Year of Publication: 2010
Authors: J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora
DOI: 10.5120/948-1326

J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora. A Practical Approach for Evidence Gathering in Windows Environment. International Journal of Computer Applications. 5, 10 (August 2010), 21-27. DOI=10.5120/948-1326

@article{ 10.5120/948-1326,
author = { J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora },
title = { A Practical Approach for Evidence Gathering in Windows Environment },
journal = { International Journal of Computer Applications },
issue_date = { August 2010 },
volume = { 5 },
number = { 10 },
month = { August },
year = { 2010 },
issn = { 0975-8887 },
pages = { 21-27 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume5/number10/948-1326/ },
doi = { 10.5120/948-1326 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A J.L. Rana
%A Deepak Singh Tomar
%A Kaveesh Dashora
%T A Practical Approach for Evidence Gathering in Windows Environment
%J International Journal of Computer Applications
%@ 0975-8887
%V 5
%N 10
%P 21-27
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the increase in internet technology, cyber-attacks have also increased; most of the sufferers from these cyber-attacks are novice Windows end users. Windows is more popular due to its ease of use and effective GUI; due to the unavailability of Windows component source code, crime investigation in a Windows environment is a tedious and hectic job for law enforcement agencies. The unsystematic organization of the available sources of evidence in a Windows environment makes the integration of this evidence a difficult task. In this paper a prototype model is developed and implemented to extract the various sources of evidence in a Windows environment. Investigation issues in Windows and Linux environments are also presented.

Index Terms

Computer Science
Information Sciences

Keywords

Log File, Windows Registry Analysis, Operating System Forensics, Windows Event Logs, Evidence Collection