Design and implementation of a tool for System Restore Point analysis

Sun Mi Yun, Antonio Savoldi, Paolo Gubian, Yeog Kim, Seokhee Lee, Sangjin Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    1 Citation (Scopus)

    Abstract

    When a digital investigation is carried out, the main goal of the forensic practitioner is to find evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find traces by analyzing the SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, presenting results in a useful format for the forensic examiner. Finally, we have provided a case study which exemplifies the implemented tool.

    Original language: English
    Title of host publication: Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
    Pages: 542-546
    Number of pages: 5
    Publication status: Published - 2008
    Event: 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008 - Harbin, China
    Duration: 2008 Aug 15 → 2008 Aug 17

    Publication series

    Name: Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008

    Other

    Other: 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
    Country/Territory: China
    City: Harbin
    Period: 08/8/15 → 08/8/17

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Computer Graphics and Computer-Aided Design
    • Signal Processing
