Title :
Towards a unified agent-based approach for real time computer forensic evidence collection
Author :
Al Awawdeh, Shadi ; Baggili, Ibrahim ; Marrington, Andrew ; Iqbal, Farkhund
Author_Institution :
Coll. of Technol. Innovation, Zayed Univ., Abu Dhabi, United Arab Emirates
Abstract :
In this paper we present preliminary results for a real time computer forensics agent that logs computer activity on a Windows computer system for subsequent forensic investigation. The agent, which is developed using the .NET 2010 framework, includes six modules. Each module is dedicated to tracking and recording a specific category of user activity. For instance, the Windows Event Watcher logs Windows OS events, and the Removable Devices Detector logs any external devices that are plugged into or removed from the system. Currently, these two modules are implemented and tested with carefully designed scenarios on the Windows XP and Windows 7 operating systems.
Keywords :
digital forensics; multi-agent systems; operating systems (computers); .NET 2010 framework; Windows 7 operating systems; Windows Event Watcher; Windows OS events; Windows XP operating systems; Windows computer system; external devices; real time computer forensic evidence collection; removable devices detector; unified agent-based approach; Computers; Databases; Detectors; Educational institutions; File systems; Forensics; Operating systems;
Conference_Title :
Advances in Social Networks Analysis and Mining (ASONAM), 2013 IEEE/ACM International Conference on
Conference_Location :
Niagara Falls, ON