Tag Archives: Windows

Application

Application Analysis Update 1

Introduction: This project focuses on searching for artifacts left by common desktop applications. We will be analyzing each application within Windows 10. It is the second most popular version of Windows. We began by generating data on virtual machines with the chosen applications. The next step is to use various forensic tools to extract information […]


VMWare Analysis Update 1

Introduction: The VMWare Analysis team is researching the differences between a Windows 7 machine and a Windows 7 virtual machine (VM) as well as the changes between a Windows 10 machine and VM. The end goal for this project is a quad comparison between both operating system versions and their respective VMs. VMWare/Physical Machines […]


Application Analysis: A Closer Look At Business Apps

Introduction: The Application Analysis team has continued examining the desktop-based web applications for both Mac and PC. We are currently finalizing our tests with Slack and DropBox. They were searching for files that could hold company, user, and file information. While these are only tests in the context of a real world scenario, this info […]

project recall

Project Recall: Windows 8 and 10 Forensics – Spring 2015

The Project Recall series will revisit successful and productive projects in the LCDI’s past. Windows 8 and 10 The mission of this project is to discover differences in the artifact locations of Windows 8 and Windows 10. It will also be within the scope of this project to find and discover new artifacts that are […]


Windows 10 Forensics: Conclusion

Windows 10 Forensics: Conclusion by Alex Parsons. Results: As the current semester comes to an end, so must the Windows 10 project. In the past five months we’ve made significant progress in analyzing core Windows 10 artifacts, which will be documented in detail in the incoming LCDI Windows 10 report. Before we release the report, we […]

Volume Shadow Copy

Volume Shadow Copy Part 2

Where is Volume Shadow Copy on your system? In part two of our blog series on Volume Shadow Copies, we clear up the common misconception that VSC has been removed from Windows 8 and briefly describe how to find the VSC files. We are again looking at Windows XP, Windows 7, and Windows 8.1. Volume […]

Windows 8

Windows 8 Forensics Part 2

Windows 8 Forensics, Ethan Fleisher, Senator Patrick Leahy Center for Digital Investigation. Internet History: Google Chrome History – Google Chrome History is stored within <root>\users\<username>\appdata\local\google\chrome\user data\default. After exporting this information out, I loaded it into a tool called Chrome Analysis Plus. The following image depicts the information that I was able to obtain from Google […]


Windows 8 Forensics

Windows 8 Forensics, Ethan Fleisher, Senator Patrick Leahy Center for Digital Investigation. Overview: Today I am starting the preliminary research on the Windows 8 Operating System from a Digital Forensics standpoint. I will be comparing it primarily to known information on the Windows 7 Operating System. There are going to be many items that I […]
