Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers

Research Article

Tracking User Activity on Personal Computers

Download
514 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-35515-8_16,
        author={Anthony Keane and Stephen O’Shaughnessy},
        title={Tracking User Activity on Personal Computers},
        proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={12},
        keywords={Information Security Computer Forensics FTK Timeline Analysis},
        doi={10.1007/978-3-642-35515-8_16}
    }
    
  • Anthony Keane
    Stephen O’Shaughnessy
    Year: 2012
    Tracking User Activity on Personal Computers
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-35515-8_16
Anthony Keane1,*, Stephen O’Shaughnessy1,*
  • 1: Institute of Technology Blanchardstown
*Contact email: anthony.keane@itb.ie, stephen.oshaughnessy71@gmail.com

Abstract

Combining low cost digital storage with the tendency for the average computer user to keep computer files long after they have become useful has created such large stores of data on computer systems that the cost and time to conduct even a preliminary examination has created new technical and operational challenges for forensics investigations. Popular operating systems for personal computers do not inherently provide services that allow the tracking of the user’s activity that would allow a simple personal audit of their computers to be carried out so the user can see what they were doing, when they did it and how long they spent on each activity. Such audit trails would assist in forensics investigations in building timelines of activity so suspects could be quickly eliminated (or not) from an investigation. This paper gives some insight to the advantages of having a user activity tracking system and explores the difficulties in developing a generic third party solution.