Towards a unified agent-based approach for real time computer forensic evidence collection
Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2013
  • Shadi Al Awawdeh, Zayed University
  • Ibrahim Baggili, University of New Haven
  • Andrew Marrington, Zayed University
  • Farkhund Iqbal, Zayed University
Document Type
Conference Proceeding
Publication Date
1-1-2013
Abstract
In this paper we present preliminary results for a real time computer forensics agent that logs computer activity on a Windows computer system for subsequent forensic investigation. The agent, which is developed using the .NET 2010 framework, includes six modules. Each module is dedicated to tracking and recording a specific category of user activity. For instance, the Windows Event Watcher logs the Windows OS events and the Removable Devices Detector logs any external devices that are plugged into or removed from a system. Currently, the aforementioned two modules are implemented and tested with carefully designed scenarios using the Windows XP and Windows 7 operating systems. Copyright 2013 ACM.
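The two implemented modules named in the abstract (an event-log watcher and a removable-device detector) can be sketched as a single real-time collector. The script below is an added example written for this page; it is not the authors' .NET agent and does not reproduce their design. It assumes a modern Windows PowerShell session (5.1 or 7), subscribes to System-log records for a hand-picked set of event IDs and to Win32_VolumeChangeEvent arrivals/removals, and appends each record to a text log whose lines are chained by SHA-256 so that later deletion or editing of earlier entries is detectable during review. The log path, the chosen event IDs and the hash-chain format are assumptions, not anything the paper specifies.

```powershell
# Added example, not the paper's agent. Assumed log location (not from the paper).
$global:LogPath = Join-Path $env:ProgramData 'forensic-agent\events.log'
New-Item -ItemType Directory -Path (Split-Path $global:LogPath) -Force | Out-Null

function global:Get-Sha256Hex {
    param([string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
    return ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function global:Write-ChainedRecord {
    param([string]$Category, [string]$Message)
    # Each line ends with the SHA-256 of the previous line (empty string for the
    # first line), so removing or altering an earlier entry breaks the chain.
    $prev = [string](Get-Content -Path $global:LogPath -Tail 1 -Encoding UTF8 -ErrorAction SilentlyContinue)
    $ts = (Get-Date).ToUniversalTime().ToString('o')
    $safeMsg = $Message -replace '[\t\r\n]+', ' '
    "$ts`t$Category`t$safeMsg`t$(Get-Sha256Hex $prev)" |
        Add-Content -Path $global:LogPath -Encoding UTF8
}

function global:Test-LogChain {
    # Re-walks the log and reports the first line whose stored hash does not
    # match the SHA-256 of the line before it.
    param([string]$Path = $global:LogPath)
    $prev = ''; $n = 0
    foreach ($entry in (Get-Content -Path $Path -Encoding UTF8)) {
        $n++
        $stored = ($entry -split "`t")[-1]
        if ($stored -ne (Get-Sha256Hex $prev)) { return "chain broken at line $n" }
        $prev = $entry
    }
    return "chain intact over $n lines"
}

# Module 1 (assumed scope): Windows event watcher over the System log.
# Event IDs chosen for this example: 7045 service installed, 1074 shutdown
# initiated, 6005/6006 event log service started/stopped.
$xpath = '*[System[(EventID=7045 or EventID=1074 or EventID=6005 or EventID=6006)]]'
$query = New-Object System.Diagnostics.Eventing.Reader.EventLogQuery(
    'System', [System.Diagnostics.Eventing.Reader.PathType]::LogName, $xpath)
$watcher = New-Object System.Diagnostics.Eventing.Reader.EventLogWatcher($query)
Register-ObjectEvent -InputObject $watcher -EventName EventRecordWritten -SourceIdentifier 'SysLog' -Action {
    $rec = $Event.SourceEventArgs.EventRecord
    if ($rec) {
        Write-ChainedRecord 'WinEvent' ('{0} {1} {2}' -f $rec.Id, $rec.ProviderName, $rec.FormatDescription())
    }
} | Out-Null
$watcher.Enabled = $true

# Module 2 (assumed scope): removable device detector via WMI volume change
# indications. EventType 2 = device arrival, 3 = device removal.
Register-CimIndicationEvent -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2 OR EventType = 3' `
    -SourceIdentifier 'VolumeChange' -Action {
    $e = $Event.SourceEventArgs.NewEvent
    $kind = if ($e.EventType -eq 2) { 'arrival' } else { 'removal' }
    Write-ChainedRecord 'Removable' ('{0} {1}' -f $kind, $e.DriveName)
} | Out-Null

Write-ChainedRecord 'Agent' 'collector started'
# To stop: Unregister-Event -SourceIdentifier SysLog, VolumeChange; $watcher.Enabled = $false
# To verify the evidence log later: Test-LogChain
```

The hash chain only proves that the file has not been edited since collection on a host the examiner trusts; an attacker with local administrator rights can rewrite the whole chain, so a production agent would also ship records off-host or sign them with a key the host cannot read.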
ISBN
9781450322409
Publisher
Association for Computing Machinery
Keywords
  • Social networking (online),
  • Agent-based approach,
  • Computer activities,
  • Forensic evidence,
  • Forensic investigation,
  • Real-time computer,
  • User activity,
  • Windows OS,
  • Windows XP,
  • Computer forensics
Scopus ID
84893301163
Indexed in Scopus
Yes
Open Access
No
https://doi.org/10.1145/2492517.2500310
Citation Information
Shadi Al Awawdeh, Ibrahim Baggili, Andrew Marrington and Farkhund Iqbal. "Towards a unified agent-based approach for real time computer forensic evidence collection" Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2013 (2013) p. 1492 - 1493
Available at: http://works.bepress.com/andrew-marrington/25/