Establishing the circumstances of working with USB-devices in the Windows operating system
Authors: Karlova A.V.
Published in issue: #4(33)/2019
DOI: 10.18698/2541-8009-2019-4-465
Category: Jurisprudence | Chapter: Criminal Law and Criminology
Keywords: operating system registry, USB-devices, SANS institute, VID and PID USB-devices, GUID, use of USB-device, Windows Registry Recovery, USB Deview, Windows Registry Analyser, Last Activity View
Published: 18.04.2019
The paper is concerned with establishing the facts of the use of USB devices by means of the Windows operating system registry and specialized software. The author highlights the Windows registry keys that contain forensic information about connected USB devices, as well as event logs. The paper gives a list of specialized software that automates the work of an expert studying the use of USB devices. The author also develops guidelines for experts in forensic computer and technical expertise to answer questions about which USB devices were connected to the computer under investigation, when, and by whom.