DiagAnalyzer: User behavior analysis and visualization using Windows Diagnostics logs
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Park, Sungha | - |
dc.contributor.author | Lee, Sangjin | - |
dc.date.accessioned | 2022-12-09T13:42:22Z | - |
dc.date.available | 2022-12-09T13:42:22Z | - |
dc.date.created | 2022-12-08 | - |
dc.date.issued | 2022-09 | - |
dc.identifier.issn | 2666-2817 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/146603 | - |
dc.description.abstract | Windows Diagnostics, which is used by default in Windows 10 and Windows 11, records basic device information as well as various detailed user activities of those who use Windows. Previously, there have been several preceding studies that attempted to apply diagnostics information to digital forensics analysis, but there have been no practical methods or publicly available tools to analyze data in relation to user behavior. Therefore, this paper analyzed how three representative activities (attaching and detaching USB storage devices, web browser activities, and wireless network activities) are recorded in Window Diagnostics. Furthermore, based on the analysis results, we developed DiagAnalyzer, which automatically analyzes the diagnostics event log and visualizes the user's behavior. Through the meth-odology and tool of this paper, the application of Windows Diagnostics deserves further attention as an important artifact in digital forensics investigation for Windows in the future. (c) 2022 The Author(s). Published by Elsevier Ltd on behalf of DFRWS This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | ELSEVIER SCI LTD | - |
dc.title | DiagAnalyzer: User behavior analysis and visualization using Windows Diagnostics logs | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Sangjin | - |
dc.identifier.doi | 10.1016/j.fsidi.2022.301450 | - |
dc.identifier.wosid | 000875559100007 | - |
dc.identifier.bibliographicCitation | FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION, v.43 | - |
dc.relation.isPartOf | FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION | - |
dc.citation.title | FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION | - |
dc.citation.volume | 43 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.isOpenAccess | Y | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Interdisciplinary Applications | - |
dc.subject.keywordAuthor | Windows Diagnostics | - |
dc.subject.keywordAuthor | Eventtranscript | - |
dc.subject.keywordAuthor | db | - |
dc.subject.keywordAuthor | Windows forensics | - |
dc.subject.keywordAuthor | Windows 10 | - |
dc.subject.keywordAuthor | Windows 11 | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.