TY - GEN
T1 - Tracking user activity on personal computers
AU - Keane, Anthony
AU - O'Shaughnessy, Stephen
PY - 2012
Y1 - 2012
N2 - Combining low cost digital storage with the tendency for the average computer user to keep computer files long after they have become useful has created such large stores of data on computer systems that the cost and time to conduct even a preliminary examination has created new technical and operational challenges for forensics investigations. Popular operating systems for personal computers do not inherently provide services that allow the tracking of the user's activity that would allow a simple personal audit of their computers to be carried out so the user can see what they were doing, when they did it and how long they spent on each activity. Such audit trails would assist in forensics investigations in building timelines of activity so suspects could be quickly eliminated (or not) from an investigation. This paper gives some insight into the advantages of having a user activity tracking system and explores the difficulties in developing a generic third-party solution.
KW - Computer Forensics
KW - FTK
KW - Information Security
KW - Timeline Analysis
UR - http://www.scopus.com/inward/record.url?scp=84873950274&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-35515-8_16
DO - 10.1007/978-3-642-35515-8_16
M3 - Conference contribution
AN - SCOPUS:84873950274
SN - 9783642355141
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 188
EP - 196
BT - Digital Forensics and Cyber Crime - Third International ICST Conference, ICDF2C 2011, Revised Selected Papers
T2 - 3rd International ICST Conference on Digital Forensics and Cyber Crime, ICDF2C 2011
Y2 - 26 October 2011 through 28 October 2011
ER -