Digital Forensics and Cyber Crime. First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers

Research Article

Analysis of Free Download Manager for Forensic Artefacts

Download
508 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-11534-9_6,
        author={Muhammad Yasin and Muhammad Wahla and Firdous Kausar},
        title={Analysis of Free Download Manager for Forensic Artefacts},
        proceedings={Digital Forensics and Cyber Crime. First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={5},
        keywords={Free Download Manager Forensic Artefacts Digital Investigation},
        doi={10.1007/978-3-642-11534-9_6}
    }
    
  • Muhammad Yasin
    Muhammad Wahla
    Firdous Kausar
    Year: 2012
    Analysis of Free Download Manager for Forensic Artefacts
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-11534-9_6
Muhammad Yasin1,*, Muhammad Wahla1,*, Firdous Kausar1,*
  • 1: National University of Science and Technology
*Contact email: yaseenyns@gmail.com, arif.wahla@gmail.com, firdous.imam@gmail.com

Abstract

Free Download Manager (FDM) is one of the most popular download managers due to its free availability, high download speed and versatility. It contains a lot of information that is of potential evidentiary value even if a user deletes web browser history, cookies and temporary internet files. This software records download activities across multiple files saved with .SAV extensions in the User Profile. This paper analyzes: 1) the windows registry entries particularly concerned to configuration and user settings, 2) the log files (with .SAV extension) created by FDM to trace download activities, and 3) RAM and swap files from a forensic perspective. This research work describes a number of traces left behind after the use of FDM such as install location, default download path, downloaded files, and menu extensions to name a few, thus enabling digital investigators to search for and interpret download activities. The widespread use of FDM makes this research work an attractive option for forensic investigators, ranging from law enforcement agencies to employers monitoring personnel.