A carregar...
Publicação
A Digital Forensic View of Windows 10 Notifications
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 924.32 KB | Adobe PDF |
Orientador(es)
Resumo(s)
Windows Push Notifications (WPN) is a relevant part of Windows 10 interaction with the
user. It is comprised of badges, tiles and toasts. Important and meaningful data can be conveyed
by notifications, namely by so-called toasts that can popup with information regarding a new
incoming email or a recent message from a social network. In this paper, we analyze the Windows
10 Notification systems from a digital forensic perspective, focusing on the main forensic artifacts
conveyed by WPN. We also briefly analyze Windows 11 first release’s WPN system, observing that
internal data structures are practically identical to Windows 10. We provide an open source Python 3
command line application to parse and extract data from the Windows Push Notification SQLite3
database, and a Jython module that allows the well-known Autopsy digital forensic software to
interact with the application and thus to also parse and process Windows Push Notifications forensic
artifacts. From our study, we observe that forensic data provided by WPN are scarce, although
they still need to be considered, namely if traditional Windows forensic artifacts are not available.
Furthermore, toasts are clearly WPN’s most relevant source of forensic data.
Descrição
Palavras-chave
Digital forensics Windows 10 Windows 11 Push notifications Sqlite3
Contexto Educativo
Citação
Domingues, P.; Andrade, L.; Frade, M. A Digital Forensic View of Windows 10 Notifications. Forensic. Sci. 2022, 2, 88–106. https://doi.org/ 10.3390/forensicsci2010007
Editora
MDPI