Biblio

Operating systems have various components that produce artifacts. These artifacts are the outcome of a user’s interaction with an application or program and the operating system’s logging capabilities. Thus, these artifacts have great importance in digital forensics investigations. For example, these artifacts can be utilized in a court of law to prove the existence of compromising computer system behaviors. One such component of the Microsoft Windows operating system is Shellbag, which is an enticing source of digital evidence of high forensics interest. The presence of a Shellbag entry means a specific user has visited a particular folder and done some customizations such as accessing, sorting, resizing the window, etc. In this work, we forensically analyze Shellbag as we talk about its purpose, types, and specificity with the latest version of the Windows 11 operating system and uncover the registry hives that contain Shellbag customization information. We also conduct in-depth forensics examinations on Shellbag entries using three tools of three different types, i.e., open-source, freeware, and proprietary tools. Lastly, we compared the capabilities of tools utilized in Shellbag forensics investigations.

Confidentiality, authentication, privacy and integrity are the pillars of securing data. The most generic way of providing security is setting up passwords and usernames collectively known as login credentials. Operating systems use different techniques to ensure security of login credentials yet brute force attacks and dictionary attacks along with various other types which leads to success in passing or cracking passwords.The objective of proposed HS model is to enhance the protection of SAM file used by Windows Registry so that the system is preserved from intruders.