Repository logo
 
Publication

Digital Forensic Artifacts of the Cortana Device Search Cache on Windows 10 Desktop

2016-08Conference paper Restricted access
Simple item page
dc.contributor.authorDomingues, Patrício
dc.contributor.authorFrade, Miguel
dc.date.accessioned2025-05-22T09:29:05Z
dc.date.available2025-05-22T09:29:05Z
dc.date.issued2016-08
dc.description.abstractMicrosoft Windows 10 Desktop edition has brought some new features and updated other ones that are of special interest to digital forensics analysis. The search box available on the taskbar, next to the Windows start button is one of these novelties. Although the primary usage of this search box is to act as an interface to the intelligent personal digital assistant Cortana, in this paper, we study the digital forensic artifacts of the search box on machines when Cortana is explicitly disabled. Specifically, we locate, characterize and analyze the content and dynamics of the JSON-based files that are periodically generated by the Cortana device search cache system. Forensically important data from these JSON files include the number of times each installed application has been run, the date of the last execution and the content of the custom jump list of the applications. Since these data are collected per user and saved in a resilient text format, they can help in digital forensics, mostly in assisting the validation of other sources of information.eng
dc.description.sponsorshipFinancial support was partially provided in the scope of R&D Unit 50008, financed by the applicable financial framework (FCT/MEC through national funds and when applicable co-funded by FEDER - PT2020 partnership agreement). The authors would also like to thank the reviewers for their insightful comments that led to an improvement of this paper and also for pointing interesting directions for future work.
dc.identifier.doi10.1109/ares.2016.44
dc.identifier.urihttp://hdl.handle.net/10400.8/12959
dc.language.isoeng
dc.peerreviewedn/a
dc.publisherIEEE
dc.relation.hasversionhttps://www.scopus.com/record/display.uri?eid=2-s2.0-85015331865&doi=10.1109%2fARES.2016.44&origin=inward&txGid=6490f5c8e8f5b07f601bd139e08dc54e
dc.relation.ispartof2016 11th International Conference on Availability, Reliability and Security (ARES)
dc.rights.uriN/A
dc.subjectWindows 10
dc.subjectDigital forensics
dc.subjectCortana
dc.subjectDevice search cache
dc.subjectJSON
dc.titleDigital Forensic Artifacts of the Cortana Device Search Cache on Windows 10 Desktopeng
dc.typeconference paper
dspace.entity.typePublication
oaire.citation.conferenceDate2016
oaire.citation.conferencePlaceSalzburg
oaire.citation.endPage344
oaire.citation.startPage338
oaire.citation.title2016 11th International Conference on Availability, Reliability and Security
oaire.versionhttp://purl.org/coar/version/c_970fb48d4fbd8a85
person.familyNameDomingues
person.familyNameFrade
person.givenNamePatrício
person.givenNameMiguel
person.identifier1234758
person.identifier.ciencia-idAA15-6185-C477
person.identifier.ciencia-idA512-9B28-1CEC
person.identifier.orcid0000-0002-6207-6292
person.identifier.orcid0000-0002-4405-7696
person.identifier.scopus-author-id13411315400
person.identifier.scopus-author-id24468034000
relation.isAuthorOfPublicationb88ada5f-0d8b-4e55-ab0a-62aa82ea1388
relation.isAuthorOfPublication95a3fa7a-d37e-45e9-9acb-44c083582fea
relation.isAuthorOfPublication.latestForDiscoveryb88ada5f-0d8b-4e55-ab0a-62aa82ea1388

Files

Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
Digital_Forensic_Artifacts_of_the_Cortana_Device_Search_Cache_on_Windows_10_Desktop.pdf
Size:
143.31 KB
Format:
Adobe Portable Document Format
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.32 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

ESTG - Comunicações em conferências e congressos internacionais
CIIC - Publicações em Atas de Conferências com Peer Review