Design and implementation of a tool for System Restore Point analysis

Sun Mi Yun; Antonio Savoldi; Paolo Gubian; Yeog Kim; Seokhee Lee; Sangjin Lee

doi:10.1109/IIH-MSP.2008.256

Design and implementation of a tool for System Restore Point analysis

Sun Mi Yun, Antonio Savoldi, Paolo Gubian, Yeog Kim, Seokhee Lee, Sangjin Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

When a digital investigation is carried out, the main goal of the forensic practitioner is to find out evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find out traces by analyzing such SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, by presenting results in a useful format for the forensic examiner. Finally, we have provided a case of study which exemplifies the implemented tool.

Original language	English
Title of host publication	Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
Pages	542-546
Number of pages	5
DOIs	https://doi.org/10.1109/IIH-MSP.2008.256
Publication status	Published - 2008
Event	2008 4th International Conference on Intelligent Information Hiding and Multiedia Signal Processing, IIH-MSP 2008 - Harbin, China Duration: 2008 Aug 15 → 2008 Aug 17

Publication series

Name	Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008

Other

Other	2008 4th International Conference on Intelligent Information Hiding and Multiedia Signal Processing, IIH-MSP 2008
Country/Territory	China
City	Harbin
Period	08/8/15 → 08/8/17

ASJC Scopus subject areas

Artificial Intelligence
Computer Graphics and Computer-Aided Design
Signal Processing

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/IIH-MSP.2008.256

Cite this

Yun, S. M., Savoldi, A., Gubian, P., Kim, Y., Lee, S., & Lee, S. (2008). Design and implementation of a tool for System Restore Point analysis. In Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008 (pp. 542-546). [4604116] (Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008). https://doi.org/10.1109/IIH-MSP.2008.256

Design and implementation of a tool for System Restore Point analysis. / Yun, Sun Mi; Savoldi, Antonio; Gubian, Paolo et al.
Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008. 2008. p. 542-546 4604116 (Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yun, SM, Savoldi, A, Gubian, P, Kim, Y, Lee, S & Lee, S 2008, Design and implementation of a tool for System Restore Point analysis. in Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008., 4604116, Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008, pp. 542-546, 2008 4th International Conference on Intelligent Information Hiding and Multiedia Signal Processing, IIH-MSP 2008, Harbin, China, 08/8/15. https://doi.org/10.1109/IIH-MSP.2008.256

Yun SM, Savoldi A, Gubian P, Kim Y, Lee S, Lee S. Design and implementation of a tool for System Restore Point analysis. In Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008. 2008. p. 542-546. 4604116. (Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008). doi: 10.1109/IIH-MSP.2008.256

Yun, Sun Mi ; Savoldi, Antonio ; Gubian, Paolo et al. / Design and implementation of a tool for System Restore Point analysis. Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008. 2008. pp. 542-546 (Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008).

@inproceedings{e8446e0e197443f8be2300d9655df93a,

title = "Design and implementation of a tool for System Restore Point analysis",

abstract = "When a digital investigation is carried out, the main goal of the forensic practitioner is to find out evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find out traces by analyzing such SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, by presenting results in a useful format for the forensic examiner. Finally, we have provided a case of study which exemplifies the implemented tool.",

author = "Yun, {Sun Mi} and Antonio Savoldi and Paolo Gubian and Yeog Kim and Seokhee Lee and Sangjin Lee",

year = "2008",

doi = "10.1109/IIH-MSP.2008.256",

language = "English",

isbn = "9780769532783",

series = "Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008",

pages = "542--546",

booktitle = "Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008",

note = "2008 4th International Conference on Intelligent Information Hiding and Multiedia Signal Processing, IIH-MSP 2008 ; Conference date: 15-08-2008 Through 17-08-2008",

}

TY - GEN

T1 - Design and implementation of a tool for System Restore Point analysis

AU - Yun, Sun Mi

AU - Savoldi, Antonio

AU - Gubian, Paolo

AU - Kim, Yeog

AU - Lee, Seokhee

AU - Lee, Sangjin

PY - 2008

Y1 - 2008

N2 - When a digital investigation is carried out, the main goal of the forensic practitioner is to find out evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find out traces by analyzing such SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, by presenting results in a useful format for the forensic examiner. Finally, we have provided a case of study which exemplifies the implemented tool.

AB - When a digital investigation is carried out, the main goal of the forensic practitioner is to find out evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find out traces by analyzing such SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, by presenting results in a useful format for the forensic examiner. Finally, we have provided a case of study which exemplifies the implemented tool.

UR - http://www.scopus.com/inward/record.url?scp=54049097548&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=54049097548&partnerID=8YFLogxK

U2 - 10.1109/IIH-MSP.2008.256

DO - 10.1109/IIH-MSP.2008.256

M3 - Conference contribution

AN - SCOPUS:54049097548

SN - 9780769532783

T3 - Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008

SP - 542

EP - 546

BT - Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008

T2 - 2008 4th International Conference on Intelligent Information Hiding and Multiedia Signal Processing, IIH-MSP 2008

Y2 - 15 August 2008 through 17 August 2008

ER -

Design and implementation of a tool for System Restore Point analysis

Abstract

Publication series

Other

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this