Tools for registry forensics. Tool: MuiCache View. Whenever a new application is installed, the Windows operating system automatically extracts the application name from the version resource of the exe file and stores it for later use in a Registry key known as the “MuiCache.”
Published in Chapter:
Digital Crime Evidence
Parkavi R. (Thiagarajar College of Engineering, India), Divya K. (Thiagarajar College of Engineering, India), and Sherry Ruth V. (Thiagarajar College of Engineering, India)
Copyright: © 2020
|Pages: 28
DOI: 10.4018/978-1-7998-1558-7.ch008
Abstract
With the advent of computers, there came computer-related crimes; hence, there comes the need for cybercrime judicial proceedings. And for any trial, evidence plays an instrumental role in bringing the victim to justice. So, there is a need for digital evidence. Digital crime evidence forms a core for the field of computer forensics. Breaking down the term digital crime evidence to be understood in simple words, it is the collection of data and information that plays a crucial role in digital crime investigation and that is usually stored and transmitted in electronic formats. Digital evidence is defined as any data stored or transmitted using a computer that supports or refute a theory of how an offense occurred or that address critical elements of the offense such as intent or alibi. This data is commonly a combination of text, audio, images, and videos. This evidence is generally invisible, fragile, time-sensitive, and integrity will be lost if they are mishandled.