Design and Implementation of a Digital Forensics Tool to Enhance Windows Artifact Analysis

Manar Talat Ahmad

Abstract


Although the widespread use of technology has brought many advantages and conveniences to people's daily lives, it has also led to a rise in cybercrime. Digital forensics is one of the most important scientific fields, aiming to investigate cybercrimes and analyze digital evidence. Among the different technology platforms, operating systems are one of the most important sources of evidence for digital forensic analysts, providing rich information that can be used to gain important insights. Examples of such evidence include identifying programs that have been executed on a computer, determining files that have been accessed, and identifying storage devices that were connected via USB ports. In practice, accessing and handling this raw information manually is time-consuming, and the results lack accuracy because of human error. In this work, a GUI-based tool is presented to handle most of the evidence provided by the Windows operating system that can be used in digital forensics. The research aims to fill the gap caused by the lack of a free tool that deals with these sources, as most available tools are commercial tools that are complex to use and require expert-level experience. In contrast, available free tools have limited capability, since they focus on only one type of evidence. The tool was designed and developed in the C# programming language and was tested on the Windows 10 operating system, where it successfully extracted the required information efficiently and smoothly.

Keywords


cybercrime investigation; digital forensics; jump list; LNK files; prefetch files; recent apps; UserAssist; Windows artifacts analysis

DOI: https://doi.org/10.32520/stmsi.v15i6.6346

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.