Abstract
Digital forensics helps an investigator to find traces of any malicious activity of user, done by using a particular piece of software. In recent years, analysis of computer software products has been done for collection of forensics artifacts, using traditional digital forensic approach. But as the traditional forensics has now been established as a standard, more people are familiar with the forensic processes. They know where traces can be left behind and how to get rid of them so as to eliminate possible evidence. Thus anti forensic techniques are imposing as disruptive challenge for investigators. In this paper we discuss recent trends in the field of artifacts collection and highlight some challenges that have made finding and collecting forensics artifacts a very hard job. We examine whether it is possible for a forensics investigator to rely on old traditional approach or not. Furthermore in conclusion we suggest possible solutions and new areas where we can find evidences.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Castiglione, A., Cattaneo, G.: Automatic, Selective and Secure Deletion of Digital Evidence. In: International Conference on Broadband and Wireless Computing, pp. 392–398 (2011)
Yasin, M., Wahla, M.A., Kausar, F.: Analysis of Download Accelerator Plus (DAP) for Forensic Artefacts. In: Fifth International Conference on IT Security Incident Management and IT Forensics, pp. 142–152 (2009)
Yasin, M., Cheema, A.R., Kausar, F.: Analysis of Internet Download Manager for collection of digital forensic artefacts. Digital Investigation 7(1-2), 90–94 (2010)
Lallie, H.S., Briggs, P.J.: Windows 7 registry forensic evidence created by three popular bittorrent clients. Digital Investigation 7(3-4), 127–134 (2011)
Fellows, G.: WinRAR temporary folder artefacts. Digital Investigation 7(1-2), 9–13 (2010)
Van Dongen, W.S.: Forensic artefacts left by Windows Live Messenger 8.0. Digital Investigation 4(2), 73–87 (2007)
Carvey, H.: The Windows Registry as a forensic resource. Digital Investigation 2(3), 201–205 (2005)
Event Log, http://windows.microsoft.com/en-IN/windows7/What-information-appears-in-event-logs-Event-Viewer
Windows Temporary files, http://support.microsoft.com/kb/92635
Oha, J., Leeb, S., Leea, S.: Advanced evidence collection and analysis of web browser activity. Digital Investigation 8(suppl.), S62–S70 (2011)
Shinder, L., Cross, M.: Chapter 7 – Acquiring Data, Duplicating Data, and Recovering Deleted Files. Scene of the Cybercrime, 2nd edn., pp. 305–346. Syngress Publication (2008)
Smid, M.E., Branstad, D.K.: Data Encryption Standard: past and future. Proceedings of the IEEE 76(5), 550–559 (2002)
Bares, R.A.: Hiding in a Virtual World: Using unconventionally installed operating system. In: International Conference on Intelligence and Security Informatics, pp. 276–284 (2009)
Gutmann, P.: Secure Deletion of Data from Magnetic and Solid-State Memory. In: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, vol. 6, pp. 77–89. USENIX Association, Berkeley (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gupta, D., Mehtre, B.M. (2013). Recent Trends in Collection of Software Forensics Artifacts: Issues and Challenges. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-40576-1_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40575-4
Online ISBN: 978-3-642-40576-1
eBook Packages: Computer ScienceComputer Science (R0)