Proposal / Submission Type
Peer Reviewed Paper
Location
Daytona Beach, Florida
Start Date
19-5-2015 2:30 PM
Abstract
Starting with Windows 7, Microsoft introduced a new feature to the Windows operating systems called Jump Lists. Jump Lists store information about user activities on the host machine. These activities may include links to recently visited web pages, applications executed, or files processed. Computer forensics investigators may find traces of misuse in the auto-saved Jump Lists files. In this research, we investigate the forensics values of Jump Lists data. Specifically, we use several tools to view Jump Lists data on a virtual machine. We show that each tool reveals certain types of information about the user's activity on the host machine. This paper also presents a comparative analysis of the tools' performances. In addition, we suggest a different method of viewing the contents of hidden folders, present another approach for deleting files from hidden folders, and propose an innovative way of gaining access to application identification numbers (AppIDs).
Keywords: Windows 7, Jump Lists, operating systems, computer forensics tools, virtual machine, VM
Scholarly Commons Citation
Ghafarian, Ahmad, "Investigating Forensics Values of Windows Jump Lists Data" (2015). Annual ADFSL Conference on Digital Forensics, Security and Law. 3.
https://commons.erau.edu/adfsl/2015/tuesday/3
Included in
Aviation Safety and Security Commons, Computer Law Commons, Defense and Security Studies Commons, Forensic Science and Technology Commons, Information Security Commons, National Security Law Commons, OS and Networks Commons, Other Computer Sciences Commons, Social Control, Law, Crime, and Deviance Commons
Investigating Forensics Values of Windows Jump Lists Data
Comments
Session Chair: LeGrand Gardner, USF-Florida Center for Cybersecurity