Naslov
Forensic analysis of Windows 10 Sandbox

Autori
Đuranec, Antun ; Gruičić, Savina ; Žagar, Marinko

Vrsta, podvrsta i kategorija rada
Sažeci sa skupova, sažetak, znanstveni

Izvornik
2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO) / Koričić, Marko ; Skala, Karolj - Rijeka : Hrvatska udruga za informacijsku i komunikacijsku tehnologiju, elektroniku i mikroelektroniku - MIPRO, 2020, 1481-1486

Skup
43nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO 2020)

Mjesto i datum
Opatija, Hrvatska, 28.09.2020. - 02.10.2020

Vrsta sudjelovanja
Predavanje

Vrsta recenzije
Međunarodna recenzija

Ključne riječi
Windows 10 ; Sandbox ; digital forensics

Sažetak
With each Windows operating system Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909 is Windows Sandbox ; a lightweight, temporary, environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo

POVEZANOST RADA