Development of Windows forensic tool for verifying a set of data
 Title & Authors
Kim, Min-Seo; Lee, Sang-jin;
 Abstract
For accurate forensic analysis of digital devices and computers, validating the reliability of digital forensic tools is very important. To verify the reliability of a tool, it is necessary to research and develop the data set to be input to the tool. The widely used Windows operating system contains Windows forensic artifacts associated with time and with system behavior. In this paper, we developed a data set for the Windows operating system that allows both of these kinds of Windows artifacts to be analyzed, and we conducted a test with published digital forensic tools. The developed data set can be used in the following ways. First, education on artifacts, to build the ability to analyze them against standard acts. Second, tool testing, to verify reliability in digital forensics. Lastly, reuse for the analysis of new artifacts.
 Keywords
Digital forensics;Data set;Corpus;Corpora;Digital forensics tool testing;
 Language
Korean