CFP last date
20 January 2025
Reseach Article

A Practical Approach for Evidence Gathering in Windows Environment

by J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 5 - Number 10
Year of Publication: 2010
Authors: J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora
10.5120/948-1326

J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora . A Practical Approach for Evidence Gathering in Windows Environment. International Journal of Computer Applications. 5, 10 ( August 2010), 21-27. DOI=10.5120/948-1326

@article{ 10.5120/948-1326,
author = { J.L. Rana, Deepak Singh Tomar, Kaveesh Dashora },
title = { A Practical Approach for Evidence Gathering in Windows Environment },
journal = { International Journal of Computer Applications },
issue_date = { August 2010 },
volume = { 5 },
number = { 10 },
month = { August },
year = { 2010 },
issn = { 0975-8887 },
pages = { 21-27 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume5/number10/948-1326/ },
doi = { 10.5120/948-1326 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T19:53:55.122258+05:30
%A J.L. Rana
%A Deepak Singh Tomar
%A Kaveesh Dashora
%T A Practical Approach for Evidence Gathering in Windows Environment
%J International Journal of Computer Applications
%@ 0975-8887
%V 5
%N 10
%P 21-27
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With theincrease in internet technology cyber-attacks have also increased, most of the sufferers from these cyber-attacks are novice windows end users. Windows is more popular due to the ease in use, and effective GUI; due to the unavailability of windows component source code the crime investigations in windows environment is a tedious and hectic job for law enforcement agencies. The unsystematic organization of the available sources of evidence in a windows environment makes the integration of these evidences a difficult task. In this paper a prototype model is developed and implemented to extract the various sources of evidence in windows environment. Investigation issues in Windows and Linux environment are also presented.

References
  1. Huebner, E., and Henskens, F., “The role of operating systems in computer forensics”, SIGOPS Oper. Syst.Rev., 42(3), 1-3., 2008.
  2. “Forensic investigation on Windows Logs,” [Online]. Available: http://www.icranium.com/blog/?p=194 [Accessed: Jun.02, 2010].
  3. “Wikipedia,” [Online]. Available: http://en.wikipedia.org/wiki [Accessed: July.5, 2010].
  4. “Computer Forensics,” US CERT Available www.us-cert.gov/reading_room/forensics.pdf [Accessed: June.10, 2010].
  5. “Forensically interesting spots in the Windows 7, Vista and XP file system and registry,” [Online]. Available: http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots [Accessed: July 5,2010]
  6. AccessData, http://www.accessdata.com/
  7. Guidance Software, http://www.guidancesoftware.com/
  8. Sysinternals,http://technet.microsoft.com/en-us/sysinternals/default.aspx
  9. Dashora, Kaveesh, Tomar, Deepak Singh and Rana, J.L.“A Framework for Windows Forensics”. 2010. The Proceedings of National Conference on Recent Trends & Challenges in Internet Technology (RTCIT – 2010). pp. 167 - 171.
Index Terms

Computer Science
Information Sciences

Keywords

Log File Windows Registry Analysis Operating System Forensics Windows Event Logs Evidence Collection