AXREL: Automated Extracting Registry and Event Logs for Windows Forensics
Issued Date
2023-01-01
Scopus ID
2-s2.0-85180152126
Journal Title
27th International Computer Science and Engineering Conference 2023, ICSEC 2023
Start Page
74
End Page
78
Rights Holder(s)
SCOPUS
Bibliographic Citation
27th International Computer Science and Engineering Conference 2023, ICSEC 2023 (2023), 74-78
Suggested Citation
Visoottiviseth V., Noonkhan A., Phonpanit R., Wanichayagosol P., Jitpukdebodin S. AXREL: Automated Extracting Registry and Event Logs for Windows Forensics. 27th International Computer Science and Engineering Conference 2023, ICSEC 2023 (2023), 74-78. doi:10.1109/ICSEC59635.2023.10329743. Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/96340
Abstract
When a cyber incident occurs, digital forensics is essential for investigating how attackers compromised the system or how malware behaved. In this paper, we focus on Windows forensics, an important branch of digital forensics. Windows forensics can be performed with existing investigation tools, but these are expensive and require training before use, while the number of well-trained staff in the cybersecurity field is currently limited. Moreover, during evidence analysis, Windows forensic investigators must manually extract certain artifacts such as the Windows registry and Windows event logs, a repetitive and time-consuming task. We therefore propose AXREL, an automated Windows evidence extraction application with a user-friendly GUI intended to support new Windows forensic investigators. The application is developed in Python 3 on the Windows platform and automatically extracts the Windows registry and event logs, which are the primary sources of evidence in Windows forensics.