Research Article
Analysis of Free Download Manager for Forensic Artefacts
@INPROCEEDINGS{10.1007/978-3-642-11534-9_6, author={Muhammad Yasin and Muhammad Wahla and Firdous Kausar}, title={Analysis of Free Download Manager for Forensic Artefacts}, proceedings={Digital Forensics and Cyber Crime. First International ICST Conference, ICDF2C 2009, Albany, NY, USA, September 30-October 2, 2009, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2012}, month={5}, keywords={Free Download Manager Forensic Artefacts Digital Investigation}, doi={10.1007/978-3-642-11534-9_6} }- Muhammad Yasin
Muhammad Wahla
Firdous Kausar
Year: 2012
Analysis of Free Download Manager for Forensic Artefacts
ICDF2C
Springer
DOI: 10.1007/978-3-642-11534-9_6
Abstract
Free Download Manager (FDM) is one of the most popular download managers due to its free availability, high download speed and versatility. It contains a lot of information that is of potential evidentiary value even if a user deletes web browser history, cookies and temporary internet files. This software records download activities across multiple files saved with .SAV extensions in the User Profile. This paper analyzes: 1) the windows registry entries particularly concerned to configuration and user settings, 2) the log files (with .SAV extension) created by FDM to trace download activities, and 3) RAM and swap files from a forensic perspective. This research work describes a number of traces left behind after the use of FDM such as install location, default download path, downloaded files, and menu extensions to name a few, thus enabling digital investigators to search for and interpret download activities. The widespread use of FDM makes this research work an attractive option for forensic investigators, ranging from law enforcement agencies to employers monitoring personnel.