TY - GEN
T1 - Analysis of download accelerator plus (DAP) for forensic artefacts
AU - Yasin, Muhammad
AU - Wahla, Muhammad Arif
AU - Kausar, Firdous
PY - 2009
Y1 - 2009
AB - Download Accelerator Plus (DAP) is one of the most popular download managers [1] due to its free availability, download speed and versatility. This software records download activities across multiple locations, which include history, registry, RAM, swap and temporary files. This paper analyzes a) the log files (with .DAT extension), b) Windows registry entries, and c) RAM and swap files from a forensic viewpoint. We also look at tools and techniques for extracting evidence. This research work describes a number of traces left behind after the use of DAP, such as install location, download path, downloaded files and menu extensions, to name a few, enabling digital investigators to search and interpret download activities. Moreover, the study is supported by a tool, DAP Forensic Artefact Collector (DAPFAC), that assists forensic examiners by providing valuable information retrieved from the Windows registry and history files on the basis of the analysis performed. The widespread use of DAP makes this analysis an attractive option for users ranging from law enforcement agencies to managers monitoring employees.
UR - http://www.scopus.com/inward/record.url?scp=71249123508&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=71249123508&partnerID=8YFLogxK
U2 - 10.1109/IMF.2009.11
DO - 10.1109/IMF.2009.11
M3 - Conference contribution
AN - SCOPUS:71249123508
SN - 9780769538075
T3 - IMF 2009 - 5th International Conference on IT Security Incident Management and IT Forensics - Conference Proceedings
SP - 142
EP - 152
BT - IMF 2009 - 5th International Conference on IT Security Incident Management and IT Forensics - Conference Proceedings
T2 - IMF 2009 - 5th International Conference on IT Security Incident Management and IT Forensics
Y2 - 15 September 2009 through 17 September 2009
ER -