Windows Registry Forensic Artifacts; Shellbags For computer Security

Abstract

Computers have become part of every one’s modern life for it’s the tech world that’s shaping all that is happening around us. They are not only used for office work but also as tools for achieving other interests both in office and outside as we try to achieve the digitization dream. Criminals too have not been left behind in the same and have perfected the art of their daily business by inventing tech ways so as to hit on this high end fast growing business environment. This has led to the use of computers to do their job (enhance crime activities) which has seen them leverage in an environment that’s friendly and very few people in the society suspect. Still, they have created an uneasy atmosphere for those yet to adopt tech in their institutions because they fear being lured and in return become victims. This has led to forensics growth amongst all institutions that have adopted the tech devices available in the market hence the need to venture in to forensics so as define the underlying issues. Still forensics can help define what and how these criminals managed to get authentication, gain access and steal from our systems. Most forensic analysis tools recover the information that might have been deleted from systems and probably show what has been stolen but fail to provide factual evidence relating to these crimes. This has in return informed the need to study forensics artifacts that can be retrieved from the operating system of the given computers leading to identification of Shellbags as the artifacts that provide the wealthiest information relating to these activities that took place on the system. However, less study has been done regarding them leading to limited knowledge on the Shellbags as artifacts. Through the use of exploratory research, this study demonstrates how the use of Shellbags forensics artifacts information can inform the professional practitioners on the use of the available artifacts to enhance security for our computer systems and further advance their skills on forensics. This is because the right interpretation of forensic artifacts is vital for any investigation thus eliminating the instance of false accusations.