http://dx.doi.org/10.13089/JKIISC.2014.24.1.135

The analysis of Windows 7·8 IconCache.db and its application  

Lee, Chan-Youn (Center for Information Security Technologies (CIST), Korea University)
Lee, Sang-Jin (Center for Information Security Technologies (CIST), Korea University)
Abstract
Because anti-forensic techniques have been developed to evade digital forensic investigation, forensic methods for analyzing anti-forensic behavior have been studied from various angles. Among the sources for user activity analysis, IconCache.db files, which hold the icon information of applications, provide meaningful information for digital forensic investigation. This paper illustrates the features of IconCache.db files and suggests countermeasures against anti-forensics utilizing them.
Keywords
IconCache.db; Antiforensic; Digital Forensic; User Behavior; Icon