Forensic analysis of Windows 10 Sandbox

Title: Forensic analysis of Windows 10 Sandbox
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Đuranec, A., Gruičić, S., Žagar, M.
Conference Name: 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO)
Date Published: Oct. 2020
ISBN Number: 978-953-233-099-1
Keywords: Collaboration, collaboration agreements, composability, digital forensics, Open Source Software, Operating systems, policy-based governance, Prefetching, pubcrawl, sandbox, Sandboxing, Scalability, Testing, Tools, virtual environments, Windows 10

With each Windows operating system, Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners, as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909, is Windows Sandbox: a lightweight, temporary environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners face new challenges when examining this newly added feature, which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing, with various tools, the different Windows artifacts and event logs left behind as a result of user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of the testing environment will be explained, the results of testing and the interpretation of the findings will be presented, as well as the open-source tools used for the analysis.

Citation Key: duranec_forensic_2020