Forensic analysis of System Restore points in Microsoft Windows XP

Cited by: 7
Authors
Harms, Kris [1]
Affiliation
[1] MANDIANT Corp, Alexandria, VA 22314 USA
Keywords
Windows XP; System Restore points; forensic analysis; intrusion; key logger
DOI
10.1016/j.diin.2006.08.008
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Investigating computer intrusions is becoming infinitely more complicated with the advancement of post-exploitation techniques currently being used by attackers. We must continually update our traditional forensic techniques to include the more rare investigative steps. Analysis of System Restore points is one of these steps. This article will illustrate how a forensic examiner analyzed System Restore points to reveal traces of evidence which ultimately led to the complete understanding of the computer and subsequent bank account compromises. (c) 2006 Elsevier Ltd. All rights reserved.
Pages: 151-158
Page count: 8
Related papers
50 in total
  • [1] Forensic analysis of System Restore points in Microsoft Windows XP (vol 3, pg 151, 2006)
    Harms, Kris
    [J]. DIGITAL INVESTIGATION, 2007, 4 (3-4) : 165 - 165
  • [2] Microsoft Windows XP
    Lake, M
    [J]. FORTUNE, 2002, 144 (10) : 134 - 136
  • [3] Forensic artifacts of Microsoft Windows Vista system
    Purcell, Daniel M.
    Lang, Sheau-Dong
    [J]. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008, 5075 : 304 - 319
  • [4] Forensic artifacts of Microsoft Windows Vista system
    Purcell, Daniel M.
    Lang, Sheau-Dong
    [J]. INTELLIGENCE AND SECURITY INFORMATICS, PROCEEDINGS, 2008, 5075 : 304 - +
  • [5] Installation of Microsoft Windows XP
    张帆
    [J]. 黑龙江交通科技, 2002, (06) : 80 - 82
  • [6] Microsoft Windows XP® accessibility features
    Atkinson, T
    Neal, J
    Grechus, M
    [J]. INTERVENTION IN SCHOOL AND CLINIC, 2003, 38 (03) : 177 - 180
  • [7] Microsoft Windows XP unleashed.
    Gordon, RS
    [J]. LIBRARY JOURNAL, 2002, 127 (04) : 135 - 135
  • [8] Security Threats to Microsoft Windows XP
    Suri, P. K.
    Wadhwa, Manoj
    Kumar, Sachin
    [J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2007, 7 (08) : 199 - 203
  • [9] FORENSIC ENTROPY ANALYSIS OF MICROSOFT WINDOWS STORAGE VOLUMES
    Weston, P. J.
    Wolthusen, S. D.
    [J]. SAIEE AFRICA RESEARCH JOURNAL, 2014, 105 (02) : 63 - 70
  • [10] Show me! Microsoft Windows XP.
    Gordon, RS
    [J]. LIBRARY JOURNAL, 2004, 129 (01) : 149 - 149