Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Structure and application of IconCache.db files for digital forensics
- Authors
- Lee, Chan-Youn; Lee, Sangjin
- Issue Date
- Jun-2014
- Publisher
- ELSEVIER SCI LTD
- Keywords
- Anti-forensics; Digital forensics; Icon; IconCache.db; User behavior
- Citation
- DIGITAL INVESTIGATION, v.11, no.2, pp.102 - 110
- Indexed
- SCIE
SCOPUS
- Journal Title
- DIGITAL INVESTIGATION
- Volume
- 11
- Number
- 2
- Start Page
- 102
- End Page
- 110
- ISSN
- 1742-2876
- Abstract
- Anti-forensics has developed to prevent digital forensic investigations, thus forensic investigations to prevent anti-forensic behaviors have been studied in various area. In the area of user activity analysis, "IconCache.db" files contain icon cache information related to applications, which can yield meaningful information for digital forensic investigations such as the traces of deleted files. A previous study investigated the general artifacts found in the IconCache.db file. In the present study, further features and structures of the IconCache.db file are described. We also propose methods for analyzing anti-forensic behaviors (e.g., time information related to the deletion of files). Finally, we introduce an analytical tool that was developed based on the file structure of IconCache.db. The tool parses out strings from the IconCache.db to assist an analyst. Therefore, an analyst can more easily analyze the IconCache.db file using the tool. (C) 2014 Elsevier Ltd. All rights reserved.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Related Researcher
- LEE, SANG JIN
- Department of Information Security