Title
A forensic insight into Windows 10 Cortana search.
Abstract
This study provides an in-depth understanding of the artifacts created by the Cortana application and their location. For decoding and exporting Cortana data, four custom Python scripts have been developed to aid forensic investigations. A GUI tool has been introduced to extract and list Cortana web searches. The forensic usefulness of Cortana artifacts is demonstrated in terms of a timeline constructed over a period of time.
Cortana, one of the new features introduced by Microsoft in Windows 10 desktop operating systems, is a voice-activated personal digital assistant that can be used for searching stuff on the device or web, setting up reminders, tracking users' upcoming flights, getting news tailored to users' interests, sending texts and emails, and more. Because the platform is relatively new, the forensic examination of Cortana has been largely unexplored in the literature. This paper seeks to determine the data remnants of Cortana usage on a Windows 10 personal computer (PC). The research contributes an in-depth understanding of the location of evidentiary artifacts on the hard disk and the type of information recorded in these artifacts as a result of user activities on Cortana. For decoding and exporting data from one of the databases created by the Cortana application, four custom Python scripts have been developed. Additionally, as a part of this paper, a GUI tool called CortanaDigger is developed for extracting and listing web search strings, as well as the timestamp of each search made by a user in the Cortana box. Several experiments are conducted to track reminders (based on time, place, and person) and to detect anti-forensic attempts, such as evidence modification and evidence destruction, carried out on Cortana artifacts. Finally, the forensic usefulness of Cortana artifacts is demonstrated in terms of a Cortana web search timeline constructed over a period of time.
Year: 2017
DOI: 10.1016/j.cose.2017.01.007
Venue: Computers & Security
Keywords: Cortana forensics, Windows 10, Windows forensics, ESE database, Microsoft Edge forensics
Field: String searching algorithm, Forensic examination, Internet privacy, World Wide Web, Computer science, Computer security, Personal computer, Timeline, Timestamp, Python (programming language), Voice command device, Scripting language
DocType: Journal
Volume: 66
Issue: C
ISSN: 0167-4048
Citations: 2
PageRank: 0.44
References: 3
Authors: 2
Name: Bhupendra Singh; Order: 1; Citations: 6; PageRank: 2.09
Name: Upasna Singh; Order: 2; Citations: 10; PageRank: 4.90