A Consistency Study of the Windows Registry

Abstract: This paper proposes a novel method for checking the consistency of forensic registry artifacts by gathering event information from the artifacts and analyzing the event sequences based on the associated timestamps. The method helps detect the use of counter-forensic techniques without focusing on one particular counter-forensic tool at a time. Several consistency checking models are presented to verify events derived from registry artifacts. Examples of these models are used to demonstrate how evidence of alteration may be detected.
Document type:
Conference paper
Kam-Pui Chow; Sujeet Shenoi. 6th IFIP WG 11.9 International Conference on Digital Forensics (DF), Jan 2010, Hong Kong, China. Springer, IFIP Advances in Information and Communication Technology, AICT-337, pp.77-90, 2010, Advances in Digital Forensics VI. 〈10.1007/978-3-642-15506-2_6〉

Cited literature [8 references]

https://hal.inria.fr/hal-01060611
Contributor: Hal Ifip
Submitted on: Monday, 27 November 2017 - 17:15:29
Last modified on: Thursday, 28 December 2017 - 01:09:13

File

ZhuJG10.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yuandong Zhu, Joshua James, Pavel Gladyshev. A Consistency Study of the Windows Registry. Kam-Pui Chow; Sujeet Shenoi. 6th IFIP WG 11.9 International Conference on Digital Forensics (DF), Jan 2010, Hong Kong, China. Springer, IFIP Advances in Information and Communication Technology, AICT-337, pp.77-90, 2010, Advances in Digital Forensics VI. 〈10.1007/978-3-642-15506-2_6〉. 〈hal-01060611〉

Metrics

Record views

96

File downloads

32