文章基本信息

标题：Auditing Windows 7 Registry Keys to track the traces left out in copying files from system to external USB Device
本地全文：下载
作者：Abhijeet Ramani ; Somesh Kumar Dewangan
期刊名称：International Journal of Computer Science and Information Technologies
电子版ISSN：0975-9646
出版年度：2014
卷号：5
期号：2
页码：1045-1052
出版社：TechScience Publications
摘要：Today in the world of big data, information is critical and corporate professional firms are adopting the digital forensic technique for detecting the action timeline of the activities carried out. Digital forensics is an important subdivision of data and network security. With the increase in technology, attacks on data are also increasing. It is very difficult to cultivate the methods for maintaining the CIA (Confidentiality, Integrity & Authenticity) security principles. In this paper, we describe the importance of the study on computer & digital forensics. This work aims to point out the importance of windows forensic analysis to extract and identify the hidden information which shall act as an evidence tool to track the copying of data into external flash drives, such as an USB storage device. Windows registry forensic keys can be applied in carrying the investigation process. For the sake of simplicity, there will only be the reference to the windows 7 operating system. Our main focus will be on to track the identification of files that might have been copied into external USB mass drives in the absence of the legitimate user. Also, we will also see that if certain registry key values are modified then the functionality behaves differently. This paper will briefly introduce the windows 7 registry structure which is very useful for the forensics expert to carry out digital forensic analysis.
关键词：Windows Registry; Windows 7 Forensic Analysis;Windows Registry Structure; Analysing Registry Key;Tracking Copying of data from system to USB