Analysis of Download Accelerator Plus (DAP) for Forensic Artefacts
Authors: Muhammad Yasin, M. A. Wahla, F. Kausar
DOI: 10.1109/IMF.2009.11 (https://doi.org/10.1109/IMF.2009.11)
Venue: 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Published: 2009-09-15
Citations: 13

Abstract
Download Accelerator Plus (DAP) is one of the most popular download managers [1] due to its free availability, download speed and versatility. The software records download activity in multiple locations, including its history files, the Windows registry, RAM, the swap file and temporary files. This paper analyzes, from a forensic viewpoint, a) the log files (with .DAT extension), b) Windows registry entries, and c) RAM and swap files. We also look at tools and techniques for extracting evidence. This research work describes a number of traces left behind after the use of DAP, such as the install location, download path, downloaded files and menu extensions, to name a few, enabling digital investigators to search for and interpret download activity. Moreover, the study is supported by a tool, DAP Forensic Artefact Collector (DAPFAC), that assists forensic examiners by retrieving the information identified in this analysis from the Windows registry and history files. The widespread use of DAP makes this analysis attractive to a range of parties, from law enforcement agencies to managers monitoring employees.
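As an added example (not the paper's DAPFAC tool, whose source is not on this page), the following Python script carves URLs and Windows file paths out of a raw RAM, swap or history-file dump, in both ASCII and UTF-16LE, the encoding Windows uses for strings in memory and in most registry values. The abstract does not describe the .DAT history layout, so the script assumes nothing about it: string carving is the format-agnostic first pass an examiner runs before writing a parser for a proprietary file. The sample byte string is constructed for the demonstration; the character classes, the `Hit` record and the function names are this example's own choices.

```python
"""Carve download-related strings (URLs and Windows paths) out of a raw
byte dump such as a memory image, a pagefile or an application's history file.

Added example: this is not the DAPFAC tool from the paper. It assumes
nothing about DAP's .DAT layout and simply looks for the two string kinds
an examiner needs to reconstruct download activity, in ASCII and in
UTF-16LE, the encoding Windows uses for strings in memory and in most
registry values.
"""
import re
import sys
from typing import List, NamedTuple


class Hit(NamedTuple):
    offset: int      # byte offset of the match in the dump
    kind: str        # "url" or "path"
    encoding: str    # "ascii" or "utf-16-le"
    value: str       # decoded string


# Character classes are restricted to printable ASCII so that a match never
# runs on into the surrounding binary data.
_URL_CHAR = rb"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]"
_PATH_CHAR = rb"[A-Za-z0-9 ._()\-]"

# ASCII forms.
_URL_ASCII = re.compile(rb"https?://" + _URL_CHAR + rb"{4,}")
_PATH_ASCII = re.compile(
    rb"[A-Za-z]:\\(?:" + _PATH_CHAR + rb"+\\)*" + _PATH_CHAR + rb"+"
)

# UTF-16LE forms: every ASCII code unit is followed by a NUL byte, so the same
# patterns are rewritten with "\x00" after each character. Scanning the bytes
# directly (rather than decoding the whole dump) keeps exact offsets and finds
# strings at odd byte alignments, which are common in slack space.
_URL_U16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + _URL_CHAR + rb"\x00){4,}"
)
_PATH_U16 = re.compile(
    rb"[A-Za-z]\x00:\x00\\\x00(?:(?:" + _PATH_CHAR + rb"\x00)+\\\x00)*(?:"
    + _PATH_CHAR + rb"\x00)+"
)

_SCANNERS = (
    ("url", "ascii", _URL_ASCII),
    ("path", "ascii", _PATH_ASCII),
    ("url", "utf-16-le", _URL_U16),
    ("path", "utf-16-le", _PATH_U16),
)


def carve_strings(data: bytes) -> List[Hit]:
    """Return every URL and Windows path found in `data`, ordered by offset."""
    hits: List[Hit] = []
    for kind, encoding, pattern in _SCANNERS:
        for m in pattern.finditer(data):
            hits.append(Hit(m.start(), kind, encoding, m.group().decode(encoding)))
    hits.sort(key=lambda h: h.offset)
    return hits


# Constructed sample dump (not real DAP data): ASCII and UTF-16LE strings
# separated by binary noise, as they would appear in a RAM or pagefile image.
SAMPLE_DUMP = (
    b"\x00\x00junk\x00"
    + b"http://example.com/files/report.pdf\x00"
    + b"\x12\x34"
    + "C:\\Users\\alice\\Downloads\\report.pdf".encode("utf-16-le")
    + b"\x00\x00garbage\xff\xfe"
    + "https://example.org/iso/image.iso".encode("utf-16-le")
    + b"\x00"
    + b"D:\\dap\\history.dat"
    + b"\x00"
)


def main(argv: List[str]) -> int:
    """Carve a file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_DUMP
    for h in carve_strings(data):
        print(f"0x{h.offset:08x}  {h.kind:4}  {h.encoding:9}  {h.value}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python carve.py pagefile.sys` (or with no argument for the sample). The offsets matter: a URL and a path carved a few bytes apart in the same region are the evidence an examiner pairs up into a download record, and the same scan works unchanged on the swap file, a memory image and a history file, which is why it is worth doing before any format-specific parsing.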