Windows Data Generation - nurit-cyber/Windows-Evidence GitHub Wiki
Data Generation
The following actions were performed on the Windows 10 virtual machine to generate data to review.
1. Opened IE/Edge
2. Downloaded Chrome via Edge
3. Downloaded Firefox via Chrome
4. Downloaded Tor via Firefox
5. Pinned Chrome and Firefox and Tor to the taskbar
6. Regshot
7. Plugged in flash drive (Lexar 32GB)
8. Searched puppies images & video on Edge and downloaded 2 images and 1 video
9. Searched kittens images & video on Chrome and downloaded 2 images and 1 video
10. Searched turtles images & videos on Firefox and downloaded 2 images and 1 video
11. Searched koalas images & videos on Tor and downloaded 2 images and 1 video
12. View hamster images & video from SD card
13. Copy hamsters.jpeg into Downloads from SD card
14. Copy hamsters.mp4 into Documents from SD card
15. View strawberry finch images & videos from PNY 32 GB flash drive
16. Copy strawberryfinch.jpeg into Downloads from PNY 32 GB flash drive
17. Copy strawberryfinch.mp4 into Documents from PNY 32 GB flash drive
18. View savannah cat images & video from HDD
19. Copy savannahcat.jpeg to Downloads from HDD
20. Copy savannahcat.mp4 to Documents from HDD
21. Place puppies.jpg in Recycle Bin
22. Permanently delete kittens2.jpg
23. Search "how to hack" on Firefox
24. Search "how to not be sketchy" on Chrome
25. Search "how to be sneaky" on Edge
26. Search "how to eat burgers" on Firefox private
27. Search "how to avoid pizza" on Chrome Incognito
28. Search "how to make money illegal" on Edge Incognito
29. Search "how to pet puppies" on Tor
30. Regshot
Evidence Generation Breakdown
The data generation above was performed to create three main types of evidence. The steps break down as follows:
Image & Video Artifacts
The following steps were designed to create image and video artifacts on the Windows system:
8 - Searched puppies images & video on Edge and downloaded 2 images and 1 video
9 - Searched kittens images & video on Chrome and downloaded 2 images and 1 video
10 - Searched turtles images & videos on Firefox and downloaded 2 images and 1 video
11 - Searched koalas images & videos on Tor and downloaded 2 images and 1 video
12 - View hamster images & video from SD card
13 - Copy hamsters.jpeg into Downloads from SD card
14 - Copy hamsters.mp4 into Documents from SD card
15 - View strawberry finch images & videos from PNY 32 GB flash drive
16 - Copy strawberryfinch.jpeg into Downloads from PNY 32 GB flash drive
17 - Copy strawberryfinch.mp4 into Documents from PNY 32 GB flash drive
18 - View savannah cat images & video from HDD
19 - Copy savannahcat.jpeg to Downloads from HDD
20 - Copy savannahcat.mp4 to Documents from HDD
21 - Place puppies.jpg in Recycle Bin
22 - Permanently delete kittens2.jpg
USB Device Artifacts
The following steps were designed to create USB device artifacts on the Windows system:
7 - Plugged in flash drive (Lexar 32GB)
12 - View hamster images & video from SD card
15 - View strawberry finch images & videos from PNY 32 GB flash drive
18 - View savannah cat images & video from HDD
Web Search Artifacts
The following steps were designed to create web search artifacts on the Windows system:
1 - Opened IE/Edge
2 - Downloaded Chrome via Edge
3 - Downloaded Firefox via Chrome
4 - Downloaded Tor via Firefox
5 - Pinned Chrome and Firefox and Tor to the taskbar
8 - Searched puppies images & video on Edge and downloaded 2 images and 1 video
9 - Searched kittens images & video on Chrome and downloaded 2 images and 1 video
10 - Searched turtles images & videos on Firefox and downloaded 2 images and 1 video
11 - Searched koalas images & videos on Tor and downloaded 2 images and 1 video
23 - Search "how to hack" on Firefox
24 - Search "how to not be sketchy" on Chrome
25 - Search "how to be sneaky" on Edge
26 - Search "how to eat burgers" on Firefox private
27 - Search "how to avoid pizza" on Chrome Incognito
28 - Search "how to make money illegal" on Edge Incognito
29 - Search "how to pet puppies" on Tor