Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Forensic exploration on windows File History
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Choi, J. | - |
| dc.contributor.author | Park, J. | - |
| dc.contributor.author | Lee, S. | - |
| dc.date.accessioned | 2021-12-05T05:42:00Z | - |
| dc.date.available | 2021-12-05T05:42:00Z | - |
| dc.date.created | 2021-08-31 | - |
| dc.date.issued | 2021 | - |
| dc.identifier.issn | 2666-2825 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/129538 | - |
| dc.description.abstract | Nowadays, a proliferation of flash-memory-based storage devices makes it more difficult to recover deleted files in unallocated areas. Thus, it becomes more important for forensic examiners to find and utilize backed up data generated by specially prepared backup features. As an interesting example of them, File History (FH) included since Windows 8 is a backup feature that can be set and operated by a user. To enable FH, it is required to select a storage device for file backup operations which can be almost any type of storage devices, including a local drive, USB flash drive, network drive, etc. This special backup feature of course allows users to restore backed up files and delete old backup versions whenever they want. Therefore, it is necessary to be able to analyze forensic artifacts that show user behaviors relating to FH, during examination of Windows systems. In this paper, we deeply explore Windows FH feature from a digital forensics perspective. As a result, this paper proposes a three-step examination procedure along with detailed considerations for each step. We also analyze impacts of several anti-forensic actions that users can perform intentionally or unintentionally. Finally, this work develops an open-source tool for identifying FH related artifacts and analyzing user behaviors on backup operations. © 2021 Elsevier Ltd | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | Elsevier Ltd | - |
| dc.title | Forensic exploration on windows File History | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Lee, S. | - |
| dc.identifier.doi | 10.1016/j.fsidi.2021.301134 | - |
| dc.identifier.scopusid | 2-s2.0-85101346882 | - |
| dc.identifier.bibliographicCitation | Forensic Science International: Digital Investigation, v.36 | - |
| dc.relation.isPartOf | Forensic Science International: Digital Investigation | - |
| dc.citation.title | Forensic Science International: Digital Investigation | - |
| dc.citation.volume | 36 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.subject.keywordAuthor | Anti-forensic implication | - |
| dc.subject.keywordAuthor | File backup | - |
| dc.subject.keywordAuthor | File history | - |
| dc.subject.keywordAuthor | Forensic artifact | - |
| dc.subject.keywordAuthor | Forensic procedure | - |
| dc.subject.keywordAuthor | Log analysis | - |
| dc.subject.keywordAuthor | Multi-source data analysis | - |
| dc.subject.keywordAuthor | Open-source tool | - |
| dc.subject.keywordAuthor | User behavior analysis | - |
| dc.subject.keywordAuthor | Windows forensics | - |
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.