AbstractsComputer Science

Challenges in Windows 8 operating system for digital forensic investigations

by TingTing Goh




Institution: AUT University
Department:
Year: 0
Keywords: Windows 8 operating system; Digital forensic investigations; Operating systems; Digital forensics; Windows forensics; Computer forensics
Record ID: 1300670
Full text PDF: http://hdl.handle.net/10292/7224


Abstract

Windows 8 was released in October 2012 and was followed by Windows 8.1 in October 2013. It was hypothesised that the improvements in Windows 8 and new features of Windows 8 may cause new challenges to digital forensic investigation. Similarly, the forensic techniques that worked perfectly on the past version of Windows might require changes when dealing with a Windows 8 machine. The objective of the research was hence to find out the investigation challenges of the new features in Windows 8 that could impact on the digital forensic investigation process. The research focuses on the digital forensic investigation process gap when dealing with the new version of the operating system. The research first started by reviewing the past Windows platforms with a focus on comparing Windows 7 and Windows 8 to identify the differences. Digital forensic areas such as digital forensic tools and existing digital forensic model were also explored. The problem areas related to digital forensic techniques, Windows 8 digital forensic issues, and Windows 8 features issues were identified. The reviews were narrowed down to review the gap in research in one area. Then the main research question and sub questions for the research were constructed. The main questions chosen for the research was “What new features in Windows 8 Operating System pose new challenges to the digital forensic investigation?” The hypotheses of the research were also defined for testing before the methodology was introduced in order to conduct the experiments to answer the research question and also test the hypothesis. The research phases followed the six phases “Preparation, Incident Response, Data Collection, Data Analysis, the Report and Incident Closure”. Each of the phases was recorded and the results of the findings were used to assist in answering the research questions. Based on the findings, the three new features in Windows 8 of significance were the secure boot, after reset option and communication applications. These features, in Windows 8 were found to bring new challenges for digital forensic investigations.