Digital Forensics and Windows Sandbox as Anti-forensics tool
DOI: https://doi.org/10.47392/IRJAEH.2024.0049
Keywords: disposable virtual machines, virtualization, anti-forensics, digital forensics, Windows sandbox
Abstract
Digital forensics faces new challenges from the rise of new anti-forensics techniques and tools, including virtualization. Virtualization can be used as a shield against different types of attacks, but at the same time it can be leveraged by attackers as an anti-forensics tool. Forensic investigators face enormous challenges when collecting digital evidence in cases where virtualization is used by an attacker. Virtualization comes in different forms, and one of the most difficult forms is lightweight virtualization. The Microsoft Windows operating system offers sandbox lightweight virtualization. Microsoft Windows Sandbox is an isolated testing environment for running programs or opening files without affecting the application, system, or platform on which they run. After the sandbox is closed, nothing persists on the device; everything is discarded. This paper reveals the anti-forensics capabilities of the sandbox and possible solutions for collecting forensic artefacts using the Windows registry. Registry analysis revealed that only the use of the sandbox on the host operating system is discoverable; activities and data inside the sandbox are discarded permanently.
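As an added example (not the paper's own code), the following PowerShell triage snippet checks a host's feature state and registry for traces that Windows Sandbox is installed; the optional-feature name and the registry paths are the editor's assumptions about current Windows 10/11 builds, not values taken from the paper.

```powershell
# Added example, not from the paper: look on the host for evidence that the
# Windows Sandbox feature is present, using only servicing state and registry data.
# The feature name and key paths below are assumptions about current Windows builds;
# verify them against the build under examination. Run from an elevated shell.
$findings = @()

# 1. Feature state via the servicing API (feature name is an assumption).
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -ErrorAction SilentlyContinue
if ($feature) {
    $findings += [pscustomobject]@{ Source = 'OptionalFeature'; Detail = "$($feature.FeatureName) state=$($feature.State)" }
}

# 2. Component Based Servicing package entries that reference the Sandbox package
#    (key path is an assumption; package names carry the feature name).
$cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'
Get-ChildItem -Path $cbs -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*Containers-DisposableClientVM*' } |
    ForEach-Object {
        $state = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).CurrentState
        $findings += [pscustomobject]@{ Source = 'CBS package'; Detail = "$($_.PSChildName) CurrentState=$state" }
    }

# 3. The .wsb configuration-file association, registered when the feature is installed
#    (key path is an assumption).
$wsb = Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.wsb' -ErrorAction SilentlyContinue
if ($wsb) {
    $findings += [pscustomobject]@{ Source = 'HKCR\.wsb'; Detail = "ProgId=$($wsb.'(default)')" }
}

# These host-side artefacts only show that the feature exists or was configured;
# they recover nothing from inside a closed sandbox, consistent with the paper's finding.
if ($findings.Count -eq 0) { Write-Output 'No Windows Sandbox artefacts found in the checked locations.' }
else { $findings | Format-Table -AutoSize }
```

Run it in an elevated PowerShell session, since Get-WindowsOptionalFeature requires administrative rights; on a host that never had the feature enabled all three checks come back empty.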
Copyright (c) 2024 International Research Journal on Advanced Engineering Hub (IRJAEH)
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.