Abstract:
In this modern era of rapidly increasing digitalization, most critical and important
data resides on the storage of digital devices, of which computers are the most
commonly used devices on the planet. Computer users outnumber the users of all other
digital devices, and the majority of them use Microsoft Windows because it is a
user-friendly Operating System (OS). Digital crimes are, and will remain, the major
challenge associated with the latest developments in technology, and most of the
threatening digital crimes involve computer systems. Given the importance of
computers in our lives and the associated computer crimes, digital investigation has
become an important field, especially when Microsoft Windows, the most used OS, is
involved in the investigation. The Windows Registry is an important component that
maintains a record of almost all applications' activities and hence needs to be
digitally investigated. The Windows Registry was introduced in Windows 3.1, and since
then it has grown considerably in size with the evolution of Windows. The problem for
digital investigators is to find the valuable forensic artifacts within the huge
volume of registry values provided. Finding such artifacts is a tedious task and
takes a lot of time.
To solve this huge registry puzzle, this research introduces a Machine Learning (ML)
based dynamic technique that can automate the extraction of relevant forensic
artifacts from the Windows Registry. The resulting technique will help simplify
digital investigations efficiently and make the investigator's life simpler.