Publication
A Digital Forensic View of Windows 10 Notifications
| dc.contributor.author | Domingues, Patricio | |
| dc.contributor.author | Andrade, Luís | |
| dc.contributor.author | Frade, Miguel | |
| dc.date.accessioned | 2022-02-02T10:09:04Z | |
| dc.date.available | 2022-02-02T10:09:04Z | |
| dc.date.issued | 2022-01-31 | |
| dc.description.abstract | Windows Push Notifications (WPN) is a relevant part of Windows 10 interaction with the user. It is comprised of badges, tiles and toasts. Important and meaningful data can be conveyed by notifications, namely by so-called toasts that can popup with information regarding a new incoming email or a recent message from a social network. In this paper, we analyze the Windows 10 Notification systems from a digital forensic perspective, focusing on the main forensic artifacts conveyed by WPN. We also briefly analyze Windows 11 first release’s WPN system, observing that internal data structures are practically identical to Windows 10. We provide an open source Python 3 command line application to parse and extract data from the Windows Push Notification SQLite3 database, and a Jython module that allows the well-known Autopsy digital forensic software to interact with the application and thus to also parse and process Windows Push Notifications forensic artifacts. From our study, we observe that forensic data provided by WPN are scarce, although they still need to be considered, namely if traditional Windows forensic artifacts are not available. Furthermore, toasts are clearly WPN’s most relevant source of forensic data. | pt_PT |
| dc.description.version | info:eu-repo/semantics/publishedVersion | pt_PT |
| dc.identifier.citation | Domingues, P.; Andrade, L.; Frade, M. A Digital Forensic View of Windows 10 Notifications. Forensic. Sci. 2022, 2, 88–106. https://doi.org/ 10.3390/forensicsci2010007 | pt_PT |
| dc.identifier.doi | https://doi.org/ 10.3390/forensicsci2010007 | pt_PT |
| dc.identifier.uri | http://hdl.handle.net/10400.8/6587 | |
| dc.language.iso | eng | pt_PT |
| dc.peerreviewed | yes | pt_PT |
| dc.publisher | MDPI | pt_PT |
| dc.relation | UIDB/CEC/ -4524/2020 | pt_PT |
| dc.relation | UIDB/EEA/50008/2020 | pt_PT |
| dc.relation.ispartofseries | 1; | |
| dc.relation.publisherversion | https://www.mdpi.com/2673-6756/2/1/7/htm | pt_PT |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | pt_PT |
| dc.subject | Digital forensics | pt_PT |
| dc.subject | Windows 10 | pt_PT |
| dc.subject | Windows 11 | pt_PT |
| dc.subject | Push notifications | pt_PT |
| dc.subject | Sqlite3 | pt_PT |
| dc.title | A Digital Forensic View of Windows 10 Notifications | pt_PT |
| dc.type | journal article | |
| dspace.entity.type | Publication | |
| oaire.citation.endPage | 106 | pt_PT |
| oaire.citation.startPage | 88 | pt_PT |
| oaire.citation.title | Forensic Sciences | pt_PT |
| oaire.citation.volume | 2 | pt_PT |
| person.familyName | Domingues | |
| person.familyName | Frade | |
| person.givenName | Patrício | |
| person.givenName | Miguel | |
| person.identifier | 1234758 | |
| person.identifier.ciencia-id | AA15-6185-C477 | |
| person.identifier.ciencia-id | A512-9B28-1CEC | |
| person.identifier.orcid | 0000-0002-6207-6292 | |
| person.identifier.orcid | 0000-0002-4405-7696 | |
| person.identifier.scopus-author-id | 13411315400 | |
| person.identifier.scopus-author-id | 24468034000 | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | article | pt_PT |
| relation.isAuthorOfPublication | b88ada5f-0d8b-4e55-ab0a-62aa82ea1388 | |
| relation.isAuthorOfPublication | 95a3fa7a-d37e-45e9-9acb-44c083582fea | |
| relation.isAuthorOfPublication.latestForDiscovery | 95a3fa7a-d37e-45e9-9acb-44c083582fea |