{"title":"Forensic Analysis of Windows 11 Prefetch Artifact","authors":"Akash Budhrani, Upasna Singh, Bhupendra Singh","doi":"10.1109/IBSSC56953.2022.10037260","DOIUrl":null,"url":null,"abstract":"The operating system creates numerous objects to improve its efficiency and user experience; such objects are called artifacts. These artifacts record crucial data about user activity. Such artifacts are the starting point of any investigation, as they can be an additional lead in forensic triage. The Prefetch file is one among various objects, the presence of which confirms the execution of a particular application. Prefetch gives additional insight for the purpose of investigation. Thus, this paper brings out its forensic value and the tools required to decode the information it contains, and also looks into various caveats in interpreting this artifact, to learn its strengths and weaknesses so that it can be properly incorporated in support of the opinion derived by the analyst. In this work, Prefetch is forensically examined to bring out its forensic value and the knowledge it contains, all of which, in whole or in part, can be used to help advance an investigation. The paper also brings out the differences in the format of this artifact among various versions of Windows OS.","PeriodicalId":426897,"journal":{"name":"2022 IEEE Bombay Section Signature Conference (IBSSC)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Bombay Section Signature Conference (IBSSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IBSSC56953.2022.10037260","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The operating system creates numerous objects to improve its efficiency and user experience; such objects are called artifacts. These artifacts record crucial data about user activity. Such artifacts are the starting point of any investigation, as they can be an additional lead in forensic triage. The Prefetch file is one among various objects, the presence of which confirms the execution of a particular application. Prefetch gives additional insight for the purpose of investigation. Thus, this paper brings out its forensic value and the tools required to decode the information it contains, and also looks into various caveats in interpreting this artifact, to learn its strengths and weaknesses so that it can be properly incorporated in support of the opinion derived by the analyst. In this work, Prefetch is forensically examined to bring out its forensic value and the knowledge it contains, all of which, in whole or in part, can be used to help advance an investigation. The paper also brings out the differences in the format of this artifact among various versions of Windows OS.