Proposal / Submission Type

Peer Reviewed Paper

Location

Daytona Beach, Florida

Start Date

19-5-2015 2:30 PM

Abstract

Starting with Windows 7, Microsoft introduced a new feature to the Windows operating systems called Jump Lists. Jump Lists store information about user activities on the host machine. These activities may include links to recently visited web pages, applications executed, or files processed. Computer forensics investigators may find traces of misuse in Jump Lists auto-saved files. In this research, we investigate the forensics values of Jump Lists data. Specifically, we use several tools to view Jump Lists data on a virtual machine. We show that each tool reveals certain types of information about a user’s activity on the host machine. This paper also presents a comparative analysis of the tools’ performances. In addition, we suggest a different method of viewing the contents of hidden folders, present another approach for deleting files from hidden folders, and propose an innovative way of gaining access to application identification numbers (AppIDs).

Keywords: Windows 7, Jump Lists, operating systems, computer forensics tools, virtual machine, VM

Comments

Session Chair: LeGrand Gardner, USF-Florida Center for Cybersecurity

 

Investigating Forensics Values of Windows Jump Lists Data
