Degree Type

Thesis

Date of Award

2013

Degree Name

Master of Science

Department

Electrical and Computer Engineering

First Advisor

Yong Guan

Abstract

One of the most difficult processes of digital forensics is understanding how new technology interacts with current technology and how digital forensic analysts can utilize current digital forensics technologies and processes to recover and find hidden information. Microsoft has released its new operating system, Windows 8; with this new release, Microsoft has added some features to the operating system that will present some interesting complications to digital forensics.

Since the initial release of the Windows 8 release candidates, there has been some research released that focuses primarily on the new user-created artifacts and a few artifacts that have been added by the operating system that might contain valuable information. In this paper I will look at the new recovery options that have been introduced in Windows 8, and the impact that they have on the artifacts.

The first thing that I plan to look at is the artifacts discovered by the research of Amanda Thomson. Once I have analyzed these artifacts and verified the locations on the disk, I will create a baseline dataset to compare the impact of the recovery options on these artifacts. I will also use artifacts of new features that I have researched for this baseline.

The second thing that I will look at is how the various recovery options impact the artifacts that are found on the operating system. This will be done by installing Windows 8 in a virtual machine environment and taking snapshots of a base image and then utilizing the various recovery methods.

The final thing that I will include in this paper is a detailed walk-through of where the artifacts will reside on the machine after a recovery option has been completed. I will examine the locations on a live machine as well as on a forensic copy. I will show what artifacts are easily recoverable, what artifacts need a little time to recover, and what artifacts will not be recoverable.

Copyright Owner

Wendell Kenneth Johnson

Language

en

File Format

application/pdf

File Size

85 pages
