| Abstract |
|---|
| Digital forensic investigation has become an important field in this era due to the rise of cybercrime. Therefore, most governments and companies have found an urgent need to invest more in research related to digital forensic investigation. To perform digital forensic investigations covering the extraction, analysis, and reporting of digital evidence, new methods and techniques are required. One of these methods used when applying digital forensics on a Windows operating system is PowerShell. While PowerShell is mainly used to configure, manage and administer the Windows operating system and other installed programs, this paper will also show that it can be used to collect forensic evidence from a Windows operating system. This paper will discuss Windows PowerShell functions and how they can be beneficial to a digital forensic investigator. Moreover, the paper will focus on the tools and modules made specifically for forensic investigations. Subsequently, different digital forensic experiments will be conducted using the PowerForensics tool in order to extract and identify different Windows forensic artifacts. The results present the capabilities of the PowerForensics tool to extract forensic evidence from the Windows operating system and provide an insight into its limitations. |
| Field | Value |
|---|---|
| Year | 2016 |
| DOI | 10.1109/CCC.2016.18 |
| Venue | 2016 Cybersecurity and Cyberforensics Conference (CCC) |
| Keywords | PowerShell Forensics, PowerForensics, Windows Forensics, Windows artifact, digital investigation |
| DocType | Conference |
| ISBN | 978-1-5090-2658-6 |
| Citations | 0 |
| PageRank | 0.34 |
| References | 4 |
Authors: 2

| Name | Order | Citations | PageRank |
|---|---|---|---|
| Akram Barakat | 1 | 0 | 0.34 |
| Ali Hadi | 2 | 0 | 1.35 |