Naslov
The Forensic Significance of Indexing Applications on the Windows Operating System

Autori
Špoljarić, Igor ; Delija, Damir ; Sirovatka, Goran

Izvornik
MIPRO (1847-3938) I (2023); 1369-1372

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
digital forensic ; Windows indexing system ; database ; file recovery tools ; record recovery tools.

Sažetak
When forensic analysis of the Windows operating system and the search for the existence of suspected files, applications, or artifacts of the operating system, the process of restoring deleted data is very often hard drives (SSD) SATA or NVMe interfaces in personal computers and taking into account properties such as wear leveling and garbage collection solid state hard drives, it is significantly difficult to recover deleted data as well as proving the start and presence of suspected files on the computers of the attacker or victim. This article analyzes the Windows Windows Search feature with a linked Windows.edb file as well as the 3rd Party application for indexing operating system files to find records of suspect files, metadata, applications, and their activities relevant to forensic analysis.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo, Sigurnosne i obrambene znanosti

POVEZANOST RADA