The Forensic Value of the Windows 7 Jump List
نویسنده
چکیده
منابع مشابه
A forensic insight into Windows 10 Jump Lists
The records maintained by Jump Lists have the potential to provide a rich source of evidence about users’ historic activity to the forensic investigator. The structure and artifacts recorded by Jump Lists have been widely discussed in various forensic communities since its debut in Microsoft Windows 7. However, this feature has more capabilities to reveal evidence in Windows 10, due to its modi...
متن کاملSuspects’ data hiding at remaining registry values of uninstalled programs1
Windows registry, a central repository for configuration data, should be investigated for obtaining forensic evidences, since it contains lots of information that are of potential evidential value. Using some forensic tools, forensic examiners can investigate values of windows registry and get information can be forensic evidences. However, since windows registry contains huge amount of values ...
متن کاملCyber Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista
Analysis of deleted files often provides useful information for the forensic computer examiner. Knowing where to find the deleted files, and how to interpret the metadata associated with the file’s deletion, make up the cornerstone of a successful forensic computer examination. Much like an office trash-can, the Microsoft Windows Recycle Bin is a temporary holding container for files that have ...
متن کاملMessenger Forensics on Windows Vista and Windows 7
The purpose of this study is to identify several areas of forensic interest within the Yahoo! Messenger application, which are of forensic significance. This study focuses on new areas of interest within the file structure of Windows Vista and Windows 7. One of the main issues with this topic is that little research has been previously conducted on the new Windows platforms. Previously conducte...
متن کاملShadow Volume Trash: $Recycle.Bin Forensics for Windows 7 and Windows Vista Shadow Volumes
According to Microsoft, over one-third of all data loss is the result of accidental file deletion or modification (Microsoft, 2003). The Volume Shadow Copy Service is a Windows operating system service that archives key data and system settings. This allows Windows 7 and Windows Vista to recover from accidental data deletion and from destabilizing events, such as a virus attack or the incorrect...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011