A TOOL FOR EXTRACTING STATIC AND VOLATILE FORENSIC ARTIFACTS OF WINDOWS 8.x APPS

机译：用于提取Windows 8.x应用程序的静态和易失性法医伪影的工具

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Microsoft Windows 8 introduced lightweight sandboxed applications called "apps" that provide a full range of functionality on top of touch-enabled displays. Apps offer a wide range of functionality, including media editing, file sharing, Internet surfing, cloud service usage, online social media activities and audio/video streaming for the Windows 8 and 8.1 operating systems. The use of these apps produces much more forensically-relevant information compared with conventional application programs. This chapter describes MetroExtractor, a tool that gathers static and volatile forensic artifacts produced by Windows apps. The volatile artifacts are extracted from the hibernation and swap files available on storage media. MetroExtractor creates a timeline of user activities and the associated data based on the collected artifacts. The tool appears to be the first implementation for extracting forensically-sound static and volatile Windows 8 app artifacts from a system hard disk.

机译：Microsoft Windows 8引入了称为“Apps”的轻量级沙盒应用，该应用程序在启用触摸的显示屏上提供全方位的功能。应用程序提供广泛的功能，包括媒体编辑，文件共享，Internet冲浪，云服务使用，在线社交媒体活动和Windows 8和8.1操作系统的音频/视频流。与传统的应用程序相比，使用这些应用程序会产生更多的富集相关信息。本章介绍了MetroExtractor，该工具可以收集Windows应用程序产生的静态和易失性的法医伪影。从存储介质上可用的休眠和交换文件中提取挥发性伪像。 MetroExtractor基于所收集的工件创建用户活动的时间表和相关数据。该工具似乎是从系统硬盘中提取法对声音静态和易失性Windows 8应用程序伪影的第一个实现。

著录项

来源
《IFIP WG 11.9 International Conference on Digital Forensics》|2015年||共19页
会议地点
作者
Shariq Murtuza; Robin Verma; Jayaprakash Govindaraj; Gaurav Gupta;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Windows forensics; Windows Metro apps; forensic timelines;

机译：Windows取证;Windows Metro Apps;法医时间表;

相似文献

外文文献
中文文献
专利

1. Digital forensic artifacts of the Your Phone application in Windows 10 [J] . Domingues Patricio, Frade Miguel, Andrade Luis Miguel, Digital investigation . 2019,第Sepa期

机译：Windows 10中您的手机应用程序的数字取证工件
2. Application of Static Forensics Method for Extracting Steganographic Files on Digital Evidence Using the DFRWS Framework [J] . Sunardi, Imam Riadi, Muh. Hajar Akbar Jurnal RESTI: Rekayasa Sistem dan Teknologi Informasi . 2020,第3期

机译：静态取证方法应用DFRWS框架在数字证据上提取隐性文件的应用
3. Static Headspace Analysis Using Low-Pressure Gas Chromatography and Mass Spectrometry, Application to Determining Multiple Partition Coefficients: A Practical Tool for Understanding Red Wine Fruity Volatile Perception and the Sensory Impact of Higher Alco [J] . Margaux Cameleyre, Georgia Lytra, Jean-Christophe Barbe Analytical chemistry . 2018,第18期

机译：使用低压气相色谱和质谱分析，用于确定多个隔离系数的应用：了解红葡萄酒果味的实用工具，用于更高的ALCO的红葡萄酒挥发性感知和感官影响
4. A TOOL FOR EXTRACTING STATIC AND VOLATILE FORENSIC ARTIFACTS OF WINDOWS 8.x APPS [C] . Shariq Murtuza, Robin Verma, Jayaprakash Govindaraj, IFIP WG 11.9 International Conference on Digital Forensics . 2015

机译：WINDOWS 8.x APPS的静态和可变法证伪像提取工具
5. A forensic comparison: Windows 7 and Windows 8 [D] . Wilson, Peter J. 2013

机译：法医比较：Windows 7和Windows 8
6. Non-Volatile Memory Forensic Analysis in Windows 10 IoT Core [O] . Juan Manuel Castelo Gómez, José Roldán Gómez, Javier Carrillo Mondéjar, 2019

机译：Windows 10 IOT核心中的非易失性内存法医分析
7. A TOOL FOR EXTRACTING STATIC AND VOLATILE FORENSIC ARTIFACTS OF WINDOWS 8.x APPS [O] . Shariq Murtuza, Robin Verma, Jayaprakash Govindaraj, 2015

机译：用于提取Windows 8.x应用程序的静态和易失性法医伪影的工具
8. Extracting Forensic Artifacts from Windows O/S Memory [R] . Okolica, J. S., Peterson, G. L. 2011

机译：从Windows操作系统内存中提取取证工件

A TOOL FOR EXTRACTING STATIC AND VOLATILE FORENSIC ARTIFACTS OF WINDOWS 8.x APPS

摘要

著录项

相似文献

相关主题

期刊订阅