Universiti Teknologi Malaysia Institutional Repository

Case based interpretation of Windows 10 registry forensics

Mat Din, Mazura and Binjuraid, Hasan (2018) Case based interpretation of Windows 10 registry forensics. International Journal of Innovative Computing, 8 (1). pp. 43-47. ISSN 2180-4370

Full text not available from this repository.

Official URL: https://doi.org/10.11113/ijic.v8n1.165

Abstract

With the advancement in computer technologies, cybercrimes have advanced too. In today’s world, the technical knowledge needed to attack a computer is lower than ever, thanks to advanced tools that do most of the work. Digital forensic investigations are crucial in solving this type of crime, and they must be done professionally. Computer registries play a big part in digital forensic investigation: they can help find artifacts left behind by cybercrimes, the dates of the crimes on the computer system, and the user at the time of the crime. In this research, interpretation of these artifacts is the main focus, and the interpretations of the registries are aimed at committees and jurors. Two types of cases are investigated in this research. The first is the use of BitTorrent clients for downloading illegal or copyrighted content; three clients are chosen for this digital forensic investigation: uTorrent, Vuze and BitComet. The second is theft using USB storage devices, of which there are three types: Mass Storage Class, Picture Transfer Protocol and Media Transfer Protocol. Each type of USB device leaves different artifacts behind during insertion and removal. A web-based dashboard will be developed to help with the process of interpreting the artifacts found in the registry of the computer system. A categorization process for each cybercrime case will be conducted to evaluate the severity of the case depending on the artifacts found in the digital forensic investigation process. The research methodology will consist of three phases. The first phase will be information gathering, including literature review, requirements gathering and dataset gathering for the research. The second phase will be performing digital forensic analysis, which includes planning, identification and reconnaissance. The last phase will include result analysis and discussion.

Item Type: Article
Uncontrolled Keywords: computer technologies, digital forensics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 82202
Deposited By: Siti Nor Hashidah Zakaria
Deposited On: 30 Sep 2019 09:00
Last Modified: 10 Nov 2019 01:16
