TY - GEN
T1 - Design and implementation of a tool for System Restore Point analysis
AU - Yun, Sun Mi
AU - Savoldi, Antonio
AU - Gubian, Paolo
AU - Kim, Yeog
AU - Lee, Seokhee
AU - Lee, Sangjin
PY - 2008
Y1 - 2008
N2 - When a digital investigation is carried out, the main goal of the forensic practitioner is to find evidence related to a digital crime on the computer under examination. To make the situation more severe, the perpetrator might have destroyed the evidence, for instance, by deleting the software which has been used to commit illicit actions. Moreover, he/she might have used sophisticated anti-forensic techniques to deceive the forensic examination. Fortunately, on Windows XP-based computer systems, it is possible to observe such attack methods by means of System Restore Point (SRP) analysis. Although the suspect might have removed files or uninstalled applications related to a digital crime, it will be possible to find traces by analyzing the SRP data structure. We have, therefore, developed an analysis tool that acquires information from the SRP database and analyzes it, presenting results in a useful format for the forensic examiner. Finally, we have provided a case study which exemplifies the implemented tool.
UR - http://www.scopus.com/inward/record.url?scp=54049097548&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=54049097548&partnerID=8YFLogxK
U2 - 10.1109/IIH-MSP.2008.256
DO - 10.1109/IIH-MSP.2008.256
M3 - Conference contribution
AN - SCOPUS:54049097548
SN - 9780769532783
T3 - Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
SP - 542
EP - 546
BT - Proceedings - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
T2 - 2008 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2008
Y2 - 15 August 2008 through 17 August 2008
ER -