Forensic Artifacts Analysis on Windows 10 Operating System from the View of Digital Forensics Investigator

Abstract

Today digital devices are becoming one of the essential devices for day to day activities with the people’s complex lives and it is growing rapidly. Bad impact is, criminals are committing crimes by using same devices. But no one knows that those devices silently leave evidences on their activities. From the forensic view, digital devices can used to track the individual’s activities without much effort. Forensic investigators also in a more challenging era because with the advancement of the digital industry. Day to day software and hardware vendors are updating their systems. Investigators also need to re-investigate new systems continuously as soon as they release new version to gather the maximum evidence to make a suspect as a guilty person. Whenever, new operating system or new version is released, forensic investigators need to re-investigate it to identify possible changes on the system. One of the best ways to conduct the investigation is try to identify, similarities and the significant differences with the previous releases. It also needs to identify possible new evidences. (This is common for any operating system). Windows 10 operating system released on august 2015. From the forensic view, it is critical to identify possible new forensic artifacts and similarities in between windows 10 and previous releases. The objective of this research is to identify possible forensic artifacts on windows 10 operating system which are important especially for forensic investigators. During the investigation, forensically examines the windows 10 operating system with open source forensically accepted tools. Outcome of the thesis is not only important for legal authorities, but also it is important audit security incidents and digital threats. Security auditors can correlate the findings to meet the complex organizational requirements.