Skip to main content
Springer Nature Link
Log in

Forensics Analysis of Sandboxie Artifacts

  • Conference paper
Security in Computing and Communications (SSCC 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 377))

Included in the following conference series:

Abstract

SandBox is an isolated environment nowadays being used as an anti-forensics tool by many (criminals) to perform malicious activity. The paper investigates the effectiveness of sandbox environment in widely used tool named as Sandboxie, and outline how to perform investigation when this tool is used to perform a criminal or illegal act. For the purpose of experimental investigation we have considered two test cases and several scenarios. In the first case we assumed that user simply used sandboxie and terminated it, while in second case we assumed the user also deleted the sandboxie contents after using it. In this investigation process, first common places where evidences are usually found in general scenarios are examined, and then other locations in local machine are examined using special forensics tools. Also the main/physical memory (RAM) is captured and examined for traces. Through these experiments we showed that no trails could be found in common places for any activity if a user deletes his sandboxie content. However, the complete isolation does not occur and some traces can be found into the main memory (RAM) as well as in unallocated clusters on the disks. This is a valuable evidence for digital investigator.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Sandboxie, http://www.sandboxie.com

  2. Said, H., Al Mutawa, N., Al Awadhi, I.: Forensic analysis of private browsing artifacts. In: International Conference on Innovations in Information Technology (IIT), pp. 197–202 (2011)

    Google Scholar 

  3. Mrdovic, S., Huseinovic, A.: Forensic analysis of encrypted volumes using hibernation file. In: 19th Telecommunications Forum (TELFOR), pp. 1277–1280 (2011)

    Google Scholar 

  4. Junghoon Oha, J., Leeb, S., Leea, S.: Advanced evidence collection and analysis of web browser activity. Digital Investigation 8(suppl.), 62–70 (2011)

    Google Scholar 

  5. Carvey, H.: The Windows Registry as a forensic resource. Digital Investigations 2(3), 201–205 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Development and Research in Banking Technology, Reserve Bank of India, India

    Deepak Gupta & B. M. Mehte

Authors
  1. Deepak Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. B. M. Mehte
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  2. Department of Applied Computer Science, The University of Winnipeg, 515 Portage Avenue, R3B 2E9, Winnipeg, MB, Canada

    Pradeep K. Atrey

  3. Electrical and Computer Science Engineering Building, National Sun Yat-sen University, Kaohsiung, Taiwan R.O.C.

    Chun-I Fan

  4. Facultad de Informatica, Campus de Espinardo, s/n, 30.100, Murcia, Spain

    Gregorio Martinez Perez

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gupta, D., Mehte, B.M. (2013). Forensics Analysis of Sandboxie Artifacts. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40576-1_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40575-4

  • Online ISBN: 978-3-642-40576-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics