Forensics visualization of Windows 10 registry
The increase with the volume of data created in digital devices has make the process of evidences analysis become difficult especially for forensic investigator. In addition, most of the existing forensic tools nowadays not all able to provide good visualization of registry information. Some of tool...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/82965/1/FSKTM%202019%2031%20IR.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-upm-ir.82965 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-upm-ir.829652020-07-24T02:31:34Z Forensics visualization of Windows 10 registry 2019-01 Awang, Muhamad Safwan The increase with the volume of data created in digital devices has make the process of evidences analysis become difficult especially for forensic investigator. In addition, most of the existing forensic tools nowadays not all able to provide good visualization of registry information. Some of tools only able to provide the list of data but not the actual information that needed by forensic investigator. For example, Registry Viewer product of Forensic Toolkit (FTK) can display all the content of registry file but not all of the data can be view as it in hexadecimal. RegRipper tool also only provides the information of registry file in a textual result. The functions in these forensic tools not suitable if handling large number of data. Moreover, it will only cause mental fatigue for investigator if there is more than one computer they need to analyse. In this paper, a visualization forensics tool is proposed to help making the forensic analysis process become easy and faster. Proposed tool will cover the functions that the existing forensics tools do not have, especially in the visualization part. It is developed to cater for the Windows forensics in the analysis of registry hive files. Moreover, proposed tool trusted able to provide single representation of all registry hive files in one page. Microsoft Windows (Computer file) Computer crimes Computer networks 2019-01 Thesis http://psasir.upm.edu.my/id/eprint/82965/ http://psasir.upm.edu.my/id/eprint/82965/1/FSKTM%202019%2031%20IR.pdf text en public masters Universiti Putra Malaysia Microsoft Windows (Computer file) Computer crimes Computer networks Abdullah, Mohd Taufik |
| institution |
Universiti Putra Malaysia |
| collection |
PSAS Institutional Repository |
| language |
English |
| advisor |
Abdullah, Mohd Taufik |
| topic |
Microsoft Windows (Computer file) Computer crimes Computer networks |
| spellingShingle |
Microsoft Windows (Computer file) Computer crimes Computer networks Awang, Muhamad Safwan Forensics visualization of Windows 10 registry |
| description |
The increase with the volume of data created in digital devices has make the process of evidences analysis become difficult especially for forensic investigator. In addition, most of the existing forensic tools nowadays not all able to provide good visualization of registry information. Some of tools only able to provide the list of data but not the actual information that needed by forensic investigator. For example, Registry Viewer product of Forensic Toolkit (FTK) can display all the content of registry file but not all of the data can be view as it in hexadecimal. RegRipper tool also only provides the information of registry file in a textual result. The functions in these forensic tools not suitable if handling large number of data. Moreover, it will only cause mental fatigue for investigator if there is more than one computer they need to analyse. In this paper, a visualization forensics tool is proposed to help making the forensic analysis process become easy and faster. Proposed tool will cover the functions that the existing forensics tools do not have, especially in the visualization part. It is developed to cater for the Windows forensics in the analysis of registry hive files. Moreover, proposed tool trusted able to provide single representation of all registry hive files in one page. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Awang, Muhamad Safwan |
| author_facet |
Awang, Muhamad Safwan |
| author_sort |
Awang, Muhamad Safwan |
| title |
Forensics visualization of Windows 10 registry |
| title_short |
Forensics visualization of Windows 10 registry |
| title_full |
Forensics visualization of Windows 10 registry |
| title_fullStr |
Forensics visualization of Windows 10 registry |
| title_full_unstemmed |
Forensics visualization of Windows 10 registry |
| title_sort |
forensics visualization of windows 10 registry |
| granting_institution |
Universiti Putra Malaysia |
| publishDate |
2019 |
| url |
http://psasir.upm.edu.my/id/eprint/82965/1/FSKTM%202019%2031%20IR.pdf |
| _version_ |
1747813335718428672 |