Biblio

Operating systems have various components that produce artifacts. These artifacts are the outcome of a user’s interaction with an application or program and the operating system’s logging capabilities. Thus, these artifacts have great importance in digital forensics investigations. For example, these artifacts can be utilized in a court of law to prove the existence of compromising computer system behaviors. One such component of the Microsoft Windows operating system is Shellbag, which is an enticing source of digital evidence of high forensics interest. The presence of a Shellbag entry means a specific user has visited a particular folder and done some customizations such as accessing, sorting, resizing the window, etc. In this work, we forensically analyze Shellbag as we talk about its purpose, types, and specificity with the latest version of the Windows 11 operating system and uncover the registry hives that contain Shellbag customization information. We also conduct in-depth forensics examinations on Shellbag entries using three tools of three different types, i.e., open-source, freeware, and proprietary tools. Lastly, we compared the capabilities of tools utilized in Shellbag forensics investigations.

The Internet of Things (IoT) has revolutionized the way of how pervasive computing devices communicate and disseminate information over the global network. A plethora of user data is collected and logged daily into cloud-based servers. Such data can be analyzed by the IoT infrastructure to capture users' behaviors (e.g. users' location, tagging of smart home occupancy). This brings a new set of security challenges, specifically user anonymity. Existing access control and authentication technologies failed to support user anonymity. They relied on the surrendering of the device/user authentication parameters to the trusted server, which hence could be utilized by the IoT infrastructure to track users' behavioral patterns. This paper, presents two novel configurable privacy-preserving authentication schemes. User anonymity capabilities were incorporated into our proposed authentication schemes through the implementation of two crypto-based approaches (i) Zero Knowledge Proof (ZKP) and (ii) Verifiable Common Secret Encoding (VCSE). We consider a user-oriented approach when determining user anonymity. The proposed authentication schemes are dynamically capable of supporting various levels of user privacy based on the user preferences. To validate the two schemes, they were fully implemented and deployed on an IoT testbed. We have tested the performance of each proposed schemes in terms of power consumption and computation time. Based on our performance evaluation results, the proposed ZKP-based approach provides better performance compared to the VCSE-based approach.