Research Article
Tracking User Activity on Personal Computers
@INPROCEEDINGS{10.1007/978-3-642-35515-8_16, author={Anthony Keane and Stephen O’Shaughnessy}, title={Tracking User Activity on Personal Computers}, proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2012}, month={12}, keywords={Information Security Computer Forensics FTK Timeline Analysis}, doi={10.1007/978-3-642-35515-8_16} }
- Anthony Keane
Stephen O’Shaughnessy
Year: 2012
Tracking User Activity on Personal Computers
ICDF2C
Springer
DOI: 10.1007/978-3-642-35515-8_16
Abstract
Combining low cost digital storage with the tendency for the average computer user to keep computer files long after they have become useful has created such large stores of data on computer systems that the cost and time to conduct even a preliminary examination has created new technical and operational challenges for forensics investigations. Popular operating systems for personal computers do not inherently provide services that allow the tracking of the user’s activity that would allow a simple personal audit of their computers to be carried out so the user can see what they were doing, when they did it and how long they spent on each activity. Such audit trails would assist in forensics investigations in building timelines of activity so suspects could be quickly eliminated (or not) from an investigation. This paper gives some insight to the advantages of having a user activity tracking system and explores the difficulties in developing a generic third party solution.