AXREL : automated extracting registry and event logs for windows forensics

Name: Vasaka Visoottiviseth

Organization : Mahidol University. Faculty of Information and Communication Technology

Name: Arnon Noonkhan

Organization : Mahidol University. Faculty of Information and Communication Technology

Email : arnon.noo@student.mahidol.ac.th

Name: Ray Phonpanit

Organization : Mahidol University. Faculty of Information and Communication Technology

Email : ray.pho@student.mahidol.ac.th

Name: Picha Wanichayagosol

Organization : Mahidol University. Faculty of Information and Communication Technology

Email : picha.wan@student.mahidol.ac.th

Name: Sumedt Jitpukdebodin

Organization : Secure D Group Co., Ltd

Email : sumedt.j@secure-d.tech

keyword: Windows Forensics

LCSH: Digital forensic science

; Windows Registry

; Windows Event Log

; Evidence Extraction

Abstract: When a cyber incident occurs, digital forensic is then essential for investigating how hackers compromised the system or how malware functioned. In this paper, we focus on Windows forensics which is one important branch of digital forensics. Windows forensics can be performed using some existing investigation tools that are expensive and require training before using them, while the current number of welltrained staffs in the cybersecurity field is limited. Moreover, in the step of evidence analysis, Windows forensic investigators need to manually extract certain files such as Windows registry and Windows event logs, which is a repetitive and timeconsuming task. Therefore, we propose AXREL as an automated Windows evidence extracting application to facilitate new Windows forensic investigators by providing a userfriendly GUI. Our application is developed by Python 3 on the Windows platform. It can automatically extract Windows registry and event logs, which are the primary sources of evidence for Windows forensics

King Mongkut's University of Technology North Bangkok. Central Library

Address: BANGKOK

Email: library@kmutnb.ac.th

Created: 2023

Modified: 2024-04-17

Issued: 2024-04-17

บทความ/Article

application/pdf

BibliograpyCitation : In Institute of Electrical and Electronics Engineers. The 27th International Computer Science and Engineering Conference 2023 (ICSEC 2023) (pp.74-78). Bangkok : Institute of Electrical and Electronics Engineers

eng

©copyrights King Mongkut's University of Technology North Bangkok

ลำดับที่.	ชื่อแฟ้มข้อมูล	ขนาดแฟ้มข้อมูล	จำนวนเข้าถึง	วัน-เวลาเข้าถึงล่าสุด
1	ICSEC 2023pp.74-78.pdf	1.05 MB	1	2024-08-04 10:27:15

ใช้เวลา

0.036515 วินาที