Forensic analysis of Windows 10 Sandbox

Title: Forensic analysis of Windows 10 Sandbox
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Đuranec, A., Gruičić, S., Žagar, M.
Conference Name: 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO)
Date Published: Oct. 2020
Publisher: IEEE
ISBN Number: 978-953-233-099-1
Keywords: Collaboration, collaboration agreements, composability, digital forensics, Open Source Software, Operating systems, policy-based governance, Prefetching, pubcrawl, sandbox, Sandboxing, Scalability, Testing, Tools, virtual environments, Windows 10
Abstract

With each Windows operating system, Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909, is Windows Sandbox: a lightweight, temporary environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature, which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of the testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

URL: https://ieeexplore.ieee.org/document/9245226
DOI: 10.23919/MIPRO48935.2020.9245226
Citation Key: duranec_forensic_2020