This session will discuss privacy and security issues with the residual artifacts created when using the Windows operating system. The features and functionality of the Windows operating system and applications provide a rich user experience but along with the usability benefits comes privacy trade-offs and forensic evidence for security investigations.
These artifacts are useful in digital forensic and incident response investigations as well as understanding how humans interact with compromised machines. This presentation will include a technical demonstration of a number of these the usage pattern artifacts while discussing the security and privacy implications.
Within the structure of the session we will introduce the purpose of the enhanced user experience functionality, how this information is stored within the Windows OS and applications, and then how we can leverage that information to determine what occurred on a computer which can be used for the benefit or detriment of the system user.
The presentation will tie together this analysis of the applications and operating system interaction to correlate that information with timeline analysis providing a documented picture of what happened on a computer, days, months and in some cases, years later.