The Windows Forensic Analysis Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Windows forensic analysis is the analysis of the components, methods and other parts of Windows. If we want to investigate compromised Windows hosts, we need Windows forensic analysis. My complete research is about the analysis of Windows. The main aim is to research the systems of Windows: my research covers the file systems of Windows XP, including FAT and NTFS, the file hiding places of Windows XP, and a discussion of viruses and of information and data analysis on Windows XP. The research also covers the Windows registry and its importance, the Microsoft start-up tasks that run automatically, Windows data recovery, and Windows forensic software tools. The main objective is to build a new product after researching all of these points of Windows; the research is detailed and covers all the features of Windows. The rationale behind my research is to gain knowledge about everything concerning Windows, so that it can help a great deal in my product, which is based entirely on research into Windows. One of the important reasons for this research is to learn the advantages and uses of all the systems and places of Windows, and to find out the problems that Windows faces during its work, so that I can understand those problems and work hard to remove them, so that they do not influence the development and working of my product (Windows Forensic Toolchest™ (WFT), 2010). The main task here is to research Windows thoroughly and then to use all of this research for the implementation and development of the product.


The analysis of Windows includes the Windows XP file systems. There are different ways of organizing files on the hard disk in Windows XP, and they are:

The old File Allocation Table (FAT) file system was mainly developed for MS-DOS on small machines and floppy disks. The variant named FAT12 is used on floppy disks, and a hard disk partition in Windows XP can be assumed to use the version named FAT32, a file allocation table with 32-bit entries. A more advanced file system called NTFS (the "NT file system") was developed for the hard disks of Windows NT. According to one publication, this version is the mature and latest version that exists alongside FAT in Windows XP. A file system belongs to an individual disk partition, so the two types discussed above can be mixed on the same physical drive. Whichever file system a partition uses, the Windows XP operating system is the same. NTFS, which means New Technology File System, is the preferred file system for Windows XP because of features such as improved support for metadata and the use of data structures advanced enough to improve reliability, disk space utilization and file system journaling. With reference to the latest reports and publications, NTFS is widely used in comparison to FAT. Windows XP also contains file hiding places, which have their own uses. When we use Windows XP, unnecessary junk files accumulate in the temporary file folders. These temporary files take up disk space, and besides that they act as perfect hiding places for the spyware and viruses that harm all processes (Windows Data Recovery - Recover lost Data from FAT & NTFS Partitions, 2007).
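The distinction between FAT12, FAT16 and FAT32 that this paragraph describes is not something a forensic tool assumes from the partition type; it is computed from the boot sector. As an added illustration (not code from the cited sources; the sample boot sectors are constructed in the script rather than read from a real disk), the following Python identifies NTFS by its OEM name and classifies a FAT volume by its cluster count, using the thresholds from Microsoft's FAT specification:

```python
import struct

# Field layout of the FAT BIOS Parameter Block (BPB) from offset 11 to 36,
# as documented in Microsoft's FAT specification; all fields little-endian.
BPB_FORMAT = "<HBHBHHBHHHII"
BPB_OFFSET = 11
FATSZ32_OFFSET = 36        # FAT size in sectors, FAT32 only
OEM_SLICE = slice(3, 11)
BOOT_SIGNATURE = b"\x55\xAA"


def identify_boot_sector(sector):
    """Return (file_system, cluster_count) for a 512-byte boot sector.

    NTFS is recognised by its OEM name. FAT variants are told apart the way
    the specification prescribes: by the number of data clusters, not by the
    OEM or file-system-type string, which is only a hint.
    """
    if len(sector) < 512 or sector[510:512] != BOOT_SIGNATURE:
        return ("unknown", None)
    if sector[OEM_SLICE] == b"NTFS    ":
        return ("NTFS", None)

    (bytes_per_sec, sec_per_clus, reserved, num_fats, root_entries,
     tot_sec16, _media, fat_sz16, _spt, _heads, _hidden,
     tot_sec32) = struct.unpack_from(BPB_FORMAT, sector, BPB_OFFSET)
    fat_sz32 = struct.unpack_from("<I", sector, FATSZ32_OFFSET)[0]
    if bytes_per_sec == 0 or sec_per_clus == 0:
        return ("unknown", None)

    # Sectors used by the fixed root directory (0 on FAT32, whose root is a chain).
    root_dir_sectors = (root_entries * 32 + bytes_per_sec - 1) // bytes_per_sec
    fat_size = fat_sz16 or fat_sz32
    total_sectors = tot_sec16 or tot_sec32
    data_sectors = total_sectors - (reserved + num_fats * fat_size + root_dir_sectors)
    if data_sectors <= 0:
        return ("unknown", None)
    clusters = data_sectors // sec_per_clus
    if clusters < 4085:
        return ("FAT12", clusters)
    if clusters < 65525:
        return ("FAT16", clusters)
    return ("FAT32", clusters)


def build_sample_sector(oem, bytes_per_sec, sec_per_clus, reserved, num_fats,
                        root_entries, tot_sec16, fat_sz16, tot_sec32, fat_sz32=0):
    """Construct a synthetic boot sector for the demo (not a real disk image)."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x3C\x90"                      # jump instruction
    sector[OEM_SLICE] = oem.ljust(8).encode("ascii")
    struct.pack_into(BPB_FORMAT, sector, BPB_OFFSET, bytes_per_sec, sec_per_clus,
                     reserved, num_fats, root_entries, tot_sec16, 0xF8, fat_sz16,
                     63, 255, 0, tot_sec32)
    struct.pack_into("<I", sector, FATSZ32_OFFSET, fat_sz32)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: a 1.44 MB floppy, a 64 MiB FAT16 volume, a 1 GiB FAT32
# volume and an NTFS volume (only the OEM name matters for the NTFS check).
SAMPLE_FLOPPY = build_sample_sector("MSDOS5.0", 512, 1, 1, 2, 224, 2880, 9, 0)
SAMPLE_FAT16 = build_sample_sector("MSWIN4.1", 512, 4, 1, 2, 512, 0, 128, 131072)
SAMPLE_FAT32 = build_sample_sector("MSWIN4.1", 512, 8, 32, 2, 0, 0, 0, 2097152, 2048)
SAMPLE_NTFS = build_sample_sector("NTFS", 512, 8, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    for label, sample in [("floppy", SAMPLE_FLOPPY), ("fat16", SAMPLE_FAT16),
                          ("fat32", SAMPLE_FAT32), ("ntfs", SAMPLE_NTFS)]:
        print(label, identify_boot_sector(sample))
```

The floppy sample yields 2847 clusters (FAT12), the 64 MiB volume 32695 (FAT16) and the 1 GiB volume 261628 (FAT32); the point for an examiner is that the variant follows from the geometry, so a partition type byte or a relabelled OEM string does not change what the volume actually is.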

The research also covers the Windows registry. According to my research, the Windows registry is a hierarchical database used for storing configuration settings and options on Microsoft Windows operating systems. It contains settings for the applications running on the platform and for low-level operating system components. The registry is used by the kernel, device drivers, the user interface and third-party applications. For profiling system performance, the registry provides a means to access counters. INI files, which had been used before for storing the settings of Windows programs, were superseded with the introduction of newer operating systems. All the application settings stored by the Windows registry are in a standardized form and in one central repository. The registry can store strongly typed data, which INI files cannot. Multiple users can share the same machine by using the registry, and the registry also allows programs to be configured for an individual user. The registry improves some system features, such as system integrity; the reason for this improvement is that the registry is used as a database and provides database features such as atomic updates. The registry contains keys and values; keys are like folders, and each key can contain many subkeys. The name/data pairs stored within the keys are known as registry values, and registry values are separate from registry keys. Every registry value stored in a registry key has a unique name, and the letter case of the name is not significant. The registry is also divided into a number of logical sections. According to a specialist's report, the Windows registry plays an important role in this kind of product and also helps in the implementation.

The research also covers the Windows start-up tasks. These tasks run automatically when we boot a Windows machine, and these start-up programs can perform various functions, such as starting the virus protection guard, initializing multimedia settings and logging into networks in order to access remote shares. It is also possible that spyware starts along with Windows in order to launch ad viewers and open back doors in our system. To help with this, spyware and adware should be kept from running at start-up, and if we wish we can turn off selected start-up tasks. Some start-up tasks appear in the right pane, and these are:

Key - how the item starts up

Value - the name given to the start-up item

Command line - the actual command that is run

To add a start-up task, press the Insert button and then follow the onscreen prompts. Similarly, to remove a start-up task, the Delete button is always used. To copy a start-up task to the clipboard, first right-click on the given task and choose the option Copy to clipboard.
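The registry structure described above (keys like folders, case-insensitive value names) and the Key / Value / Command line view of start-up items can both be illustrated with a small parser for a `reg export` (.reg) text file. The following Python is an added example, not part of the essay's sources; the export text, program names and paths in it are constructed for the demo. It builds the key tree, lists the Run and RunOnce autostart entries in the Key / Value / Command line form, and flags entries whose program lives in a Temp folder, which ties in with the temporary folders mentioned earlier as hiding places:

```python
import re
from dataclasses import dataclass, field


@dataclass
class RegKey:
    """One registry key: subkeys are like folders, values are name/data pairs.
    Both are stored under lower-cased names, so lookups ignore letter case."""
    name: str
    subkeys: dict = field(default_factory=dict)   # lower-cased name -> RegKey
    values: dict = field(default_factory=dict)    # lower-cased name -> (name, data)

    def child(self, name, create=False):
        node = self.subkeys.get(name.lower())
        if node is None and create:
            node = self.subkeys[name.lower()] = RegKey(name)
        return node

    def walk(self, path=""):
        """Yield (full_path, key) for this key and everything beneath it."""
        yield path, self
        for sub in self.subkeys.values():
            yield from sub.walk(f"{path}\\{sub.name}" if path else sub.name)


VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(text):
    """Undo .reg escaping: a backslash protects the next character."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Build a RegKey tree from the text of a 'reg export' (.reg) file."""
    root, current = RegKey(""), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):        # [HKEY_...\Sub\Key]
            current = root
            for part in line[1:-1].split("\\"):
                current = current.child(part, create=True)
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""   # "" = (Default)
            data = m.group(3)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])                    # REG_SZ
            elif data.startswith("dword:"):
                data = int(data[6:], 16)                        # REG_DWORD
            current.values[name.lower()] = (name, data)
    return root


def get_key(root, path):
    """Case-insensitive lookup of a key by backslash-separated path."""
    node = root
    for part in path.split("\\"):
        node = node.child(part)
        if node is None:
            return None
    return node


def executable_of(command):
    """First token of a command line: the quoted program or the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def list_startup_tasks(root):
    """Key / Value / Command line view of the Run and RunOnce autostart keys."""
    tasks = []
    for path, key in root.walk():
        if key.name.lower() in ("run", "runonce") and "currentversion" in path.lower():
            for name, data in key.values.values():
                tasks.append({"key": path, "value": name, "command": data})
    return tasks


def flag_temp_launchers(tasks):
    """Triage heuristic: autostart entries whose program sits in a Temp folder."""
    return [t for t in tasks if isinstance(t["command"], str)
            and "\\temp\\" in executable_of(t["command"]).lower()]


# Constructed sample export; the programs and paths are invented for the demo.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioTray"="%windir%\\system32\\audiotray.exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CloudSync"="\"C:\\Users\\alice\\AppData\\Local\\CloudSync\\sync.exe\" /silent"
"UpdateHelper"="C:\\Users\\alice\\AppData\\Local\\Temp\\update_helper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="cmd.exe /c del C:\\Users\\alice\\AppData\\Local\\Temp\\setup.log"

[HKEY_CURRENT_USER\Software\Example]
"Installed"=dword:00000001
"""


def startup_report(text=SAMPLE_REG_EXPORT):
    """Parse an export and return (all autostart tasks, the flagged subset)."""
    tasks = list_startup_tasks(parse_reg_export(text))
    return tasks, flag_temp_launchers(tasks)


if __name__ == "__main__":
    for task in startup_report()[0]:
        print(task["key"], "|", task["value"], "|", task["command"])
```

The `Cleanup` entry mentions a Temp path in its arguments but runs `cmd.exe`, so only `UpdateHelper` is flagged; looking at the program rather than the whole command line keeps the heuristic from firing on every cleanup script.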

There is software for information and data analysis on Windows XP; this software is very powerful and supports the analysis primarily of sequence-based data and also of microarray-based data generated by different systems. There is software that compares data from entirely different applications. There is a lot of information and data on Windows XP, and separate tools are available for the analysis of this data and information.

Windows data recovery is the recovery of files which have been deleted from Windows.

Windows data recovery software is a tool for the Windows operating system that recovers files deleted from Windows FAT and NTFS partitions. The data recovery software helps to recover data from pen drives, USB drives, memory cards, digital cameras and other devices that support the Windows operating systems. This software also restores lost data from damaged Windows partitions. Advanced Windows data recovery software helps us recover deleted files and data from a missing or corrupted file system. Recovery engineers created the Windows partition recovery software with the purpose of restoring every bit of lost data from a crashed Windows pen drive in just 2 to 3 steps which are very simple and unique.
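What "recovering a deleted file" means at the file system level is illustrated by the following added Python example (not the code of any recovery product; the directory entries, FAT and data area are constructed in the script). On FAT, deleting a file only overwrites the first byte of its directory entry with 0xE5 and frees its clusters in the FAT, so an undelete tool reads the surviving entry, checks that the first cluster has not been reused, and copies the data assuming it was stored contiguously:

```python
import struct
from dataclasses import dataclass

ENTRY_SIZE = 32
DELETED_MARK = 0xE5       # first name byte of a deleted entry
END_OF_DIR = 0x00         # first name byte of the terminating unused entry
ATTR_DIRECTORY = 0x10
ATTR_LONG_NAME = 0x0F
FAT_FREE = 0              # a FAT16 cell of 0 means the cluster is unallocated


@dataclass
class DirEntry:
    name: str
    deleted: bool
    attr: int
    first_cluster: int
    size: int


def parse_directory(region):
    """Decode the 32-byte short-name entries of a FAT directory region."""
    entries = []
    for off in range(0, len(region) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = region[off:off + ENTRY_SIZE]
        if raw[0] == END_OF_DIR:
            break                          # nothing allocated beyond this point
        attr = raw[11]
        if attr == ATTR_LONG_NAME:
            continue                       # long-name fragment, not a file record
        deleted = raw[0] == DELETED_MARK
        base = raw[0:8].decode("ascii", "replace").rstrip()
        ext = raw[8:11].decode("ascii", "replace").rstrip()
        if deleted:
            base = "?" + base[1:]          # the first character is lost on deletion
        hi, = struct.unpack_from("<H", raw, 20)
        lo, size = struct.unpack_from("<HI", raw, 26)
        name = f"{base}.{ext}" if ext else base
        entries.append(DirEntry(name, deleted, attr, (hi << 16) | lo, size))
    return entries


def recover_deleted(region, fat, data_region, cluster_bytes):
    """Recover deleted files whose first cluster is still unallocated.

    Assumes the file was stored contiguously, the usual assumption of an
    undelete tool. A first cluster that the FAT no longer shows as free has
    been reused by another file, so its content is reported as None.
    """
    results = []
    for e in parse_directory(region):
        if not e.deleted or e.attr & ATTR_DIRECTORY:
            continue
        reused = (e.first_cluster < 2 or e.first_cluster >= len(fat)
                  or fat[e.first_cluster] != FAT_FREE)
        if reused:
            results.append((e.name, None))
            continue
        start = (e.first_cluster - 2) * cluster_bytes   # data area starts at cluster 2
        results.append((e.name, bytes(data_region[start:start + e.size])))
    return results


def make_entry(name, ext, first_cluster, size, deleted=False, attr=0x20):
    """Construct one directory entry for the demo (dates and times left zero)."""
    raw = bytearray(ENTRY_SIZE)
    raw[0:8] = name.ljust(8).encode("ascii")
    raw[8:11] = ext.ljust(3).encode("ascii")
    raw[11] = attr
    struct.pack_into("<H", raw, 20, first_cluster >> 16)
    struct.pack_into("<HI", raw, 26, first_cluster & 0xFFFF, size)
    if deleted:
        raw[0] = DELETED_MARK
    return bytes(raw)


# Constructed volume: 32-byte clusters, a live file in cluster 2, a deleted
# file whose cluster 3 is still free, and a deleted file whose cluster 4 has
# since been handed to a new file.
CLUSTER_BYTES = 32
SAMPLE_DATA = (b"live file content".ljust(CLUSTER_BYTES, b"\0")
               + b"deleted but still intact".ljust(CLUSTER_BYTES, b"\0")
               + b"new file took this cluster".ljust(CLUSTER_BYTES, b"\0"))
SAMPLE_FAT = [0xFFF8, 0xFFFF, 0xFFFF, FAT_FREE, 0xFFFF]   # cells 0-1 reserved
SAMPLE_DIRECTORY = (make_entry("REPORT", "TXT", 2, 17)
                    + make_entry("fragment", "", 0, 0, attr=ATTR_LONG_NAME)
                    + make_entry("NOTES", "TXT", 3, 24, deleted=True)
                    + make_entry("OLDLOG", "TXT", 4, 20, deleted=True)
                    + bytes(ENTRY_SIZE))


def demo():
    return recover_deleted(SAMPLE_DIRECTORY, SAMPLE_FAT, SAMPLE_DATA, CLUSTER_BYTES)


if __name__ == "__main__":
    for name, content in demo():
        print(name, content if content is not None else "<cluster reused>")
```

The second deleted file comes back as unrecoverable because its first cluster was handed to another file; this is the practical reason a recovery tool should be run before the volume receives further writes.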

Research was also done on Windows forensic software tools, and we came to know that X-Ways Forensics is an integrated computer forensic environment which is powerful and affordable, with a large number of forensic features. It is a disk analysis tool for capturing free space and inter-partition space, creating a fully detailed listing of drive contents along with all deleted files and directories. Windows forensic software tools can be used to look for signs of an incident, and most importantly to confirm misuse of a computer. They produce output which is very useful to the administrative user and also suitable for use in court proceedings. Performing incident response or audits is the primary benefit of using Windows forensic software tools (Spybot Search and Destroy).
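Capturing free space is useful because deleted content survives there until it is overwritten, and the usual way to pull files out of it is signature-based carving: scan for a known header, then for the matching trailer. The following Python is an added example, not code from X-Ways Forensics; the "unallocated" byte string and the minimal PNG- and JPEG-shaped bodies in it are constructed for the demo, and the signatures are only the well-known header and trailer bytes, not a full parser of either format:

```python
# Header and trailer byte signatures of two common image formats. These are the
# well-known magic values; a production carver also validates internal structure.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xAE\x42\x60\x82"),
    "jpeg": (b"\xFF\xD8\xFF", b"\xFF\xD9"),
}


def carve(blob, signatures=SIGNATURES, max_len=10 * 1024 * 1024):
    """Find header/trailer pairs in raw (e.g. unallocated) bytes.

    Returns a list of dicts sorted by offset; each carries the format name, the
    byte offset, the length and the carved bytes. A header with no trailer
    within max_len is treated as a fragment and skipped.
    """
    found = []
    for kind, (header, trailer) in signatures.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start < 0:
                break
            end = blob.find(trailer, start + len(header), start + max_len)
            if end < 0:
                pos = start + 1            # fragment: keep scanning past it
                continue
            end += len(trailer)
            found.append({"type": kind, "offset": start, "length": end - start,
                          "data": blob[start:end]})
            pos = end
    return sorted(found, key=lambda f: f["offset"])


# Constructed "unallocated space": zero filler, a minimal PNG-shaped blob, some
# junk, a minimal JPEG-shaped blob, more filler. Neither blob is a valid picture.
FILLER = b"\x00" * 40
FAKE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
            + b"\x00\x00\x00\x00IEND\xAE\x42\x60\x82")
FAKE_JPEG = b"\xFF\xD8\xFF\xE0" + b"JFIF\x00" + b"\x11" * 30 + b"\xFF\xD9"
UNALLOCATED = FILLER + FAKE_PNG + b"junk" * 5 + FAKE_JPEG + FILLER


def demo():
    """Carve the constructed blob and report (type, offset, length) triples."""
    return [(f["type"], f["offset"], f["length"]) for f in carve(UNALLOCATED)]


if __name__ == "__main__":
    for kind, offset, length in demo():
        print(f"{kind} at offset {offset}, {length} bytes")
```

On the constructed blob the carver reports the PNG-shaped object at offset 40 (45 bytes) and the JPEG-shaped object at offset 105 (41 bytes). Because carving ignores the file system entirely, it also finds content in slack and inter-partition space that no directory points to, which is exactly the "free space" capture the paragraph attributes to the tool.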


All the research about Windows done above allowed me to find important things which would influence the development of my product in my project. After researching the file systems, I found that the file allocation table variants, whether FAT12 or FAT32, do not suit the project because they depend fully on other things; for example, only the hard disk partition present in XP can use the FAT32 version, and this problem breaks the rule of my project of all-round performance without any dependency. So the suitable file system for my project is NTFS: it has features like improved support for metadata, and NTFS's use of data structures is advanced enough to improve reliability and disk space utilization, which are necessary for my product. After the research on file hiding places, I found that this property is not very helpful, because these places are one of the causes of viruses and spyware. The best finding from the whole research is the Windows registry, because it is helpful for the development of my product, and without the features of the registry my product would lack a lot of unique features. The registry is the best database for storing configuration settings, and it also contains the settings of the programs running on the platform. The registry is used by components like the kernel, device drivers and the user interface, which indicates that most of the system works by using the features of the registry. The concept of INI files is also useful for my product development; the need for INI files is small but important for improving the working of my product. The registry is considered the best feature for the development of the product because the registry allows multiple users to work at the same time.

Tools are available for the analysis of information and data on Windows XP, but these tools are not going to help a lot, and other tools are required for important work like the analysis of data.

Windows start-up tasks are also going to influence the development of my product, because viruses and spyware are considered factors which affect the growth of the product, and start-up tasks help by running automatically and starting the virus protection guard. Windows data recovery software is also useful because it helps in recovering files which have been deleted from FAT and NTFS partitions. This feature is important when useful files are deleted purposely or by mistake; if we then want to recover them, we require the Windows recovery software. The research also helped me to find that Windows forensic software tools help in capturing free space, inter-partition space and so on, and this kind of tool is going to help my product a lot because it confirms misuse of the computer; so it completely removes the problem of misuse of the computer, and this feature is definitely helpful in the development of my product. Start-up tasks are also not perfect for my product because they sometimes create problems by running automatically when it is not necessary. So start-up tasks should be modified and made to run only when it is urgent, or when there is serious harm to the computer due to viruses and spyware.


According to the research I have done, there are some methods that I want to propose for the development of my product. One of the methods is the introduction of software for the management of data. By using NTFS, management of data can be done, and it would also help in improving reliability, disk space utilization and file system journaling. Another method is related to viruses, spyware and so on; this method is for making the product free from the problems of viruses, and for this I would use the method of start-up tasks, but with a slight modification. These tasks would help me to get rid of viruses, spyware and so on, but by running only when it is urgent and not automatically at any time. Another method is for the recovery of data or files which have been deleted from Windows; in applying this method the data recovery software would help me a lot, and this software has some external uses too, as it also recovers deleted files from devices like USB drives, pen drives and digital cameras which support the Windows operating systems.

One more method for the development of my product that I am going to use is the capturing of free space and inter-partition space by creating a fully detailed listing of drive contents along with all the files and directories which have been deleted by the user. In this method Windows forensic software tools are going to help my project, because these tools have all the features that are going to fulfil all the requirements of my project related to it. The direction of the proposed product is to provide the user with everything that is useful, like the things discussed in the research, so that the user can work without loss of time and with full support of things like the file system, start-up tasks and so on. But the most significant method to be used for the project is the Windows registry, which is used for storing configuration settings, is also helpful for running programs, and has the best feature of multiple users working at the same time. All these methods are suitable for my product, and I would like to use all of them with extra skills and knowledge. These are all my plans for the implementation of my product.


After doing research on the Windows XP file systems, data recovery software, start-up tasks, Windows forensic software tools and so on, it is found that all the versions of FAT, like FAT12 and FAT32, are not very useful and are only used for small purposes. The best file system for Windows XP is NTFS, as it uses a database which helps in improving reliability, which is most important for any product. Windows file hiding places are also discussed, but these are not very useful, as they are one of the causes of viruses and the like on the computer. The Windows registry is the best option to be used in the project because of its unique storage features and its multi-user feature. With this feature multiple users can work at the same time, which results in less time consumption and more output. These features are very helpful for users, and they are very distinctive features too.

Software and tools for information and data analysis on Windows XP have many drawbacks; for example, they don't analyze the complete data and information, so they are not very important for the implementation of the product.

Recovery of data is also considered important work, and there is data recovery software which helps in recovering deleted files from Windows FAT and NTFS partitions. If we want to recover data from a pen drive, memory card and so on, we can also use data recovery software. Windows forensic software tools are also necessary, as they help in checking misuse of the computer and also indicate the signs of an incident. The output of the Windows forensic software tools is perfect and helps in performing various things. All these research findings are going to help me when I start implementing my product. This implementation would be done by acquiring extra skills and knowledge and by doing different experiments for a perfect implementation without any errors.


After doing all the research on the Windows file systems and the Windows registry, it is concluded that these two systems have useful and unique features, like the quality-improving features provided by the file systems and the storage and multi-user method provided by the Windows registry. These features are going to help me a lot in my Windows product, and this software and these systems increase the reliability and the uses of a particular product. From the research done on file hiding places and start-up tasks, it is concluded that these two have good features, like the detection of spyware and viruses and the areas for hiding files, but they are not going to help the product by a great amount, because they have many drawbacks and errors associated with them. That is why these two are not considered perfect methods for the implementation of our product. On the other hand, the Windows forensic tools are of great use due to their capability of finding misuse of the computer and of giving very useful output. So these software tools are going to help me in the product's implementation and use.

The conclusion about the software and tools for data analysis on Windows XP is that they do not have suitable features for use in the development of the proposed product.

Finally, it is concluded that this whole research on Windows has increased my knowledge by an excellent amount and set my mind on using useful systems and software in the product. It is also concluded that there is a need to acquire extra skills and knowledge in order to create and establish the product.


Some recommendations are necessary following this research on Windows systems and software. The recommendations are based on the research made and concern which software and systems should be used, and which systems or features should be neglected, for the implementation of the product. File systems like FAT12 and FAT32 should not be used because they have certain limitations which affect the development of the product. NTFS should be used, and the main reason behind its wider use is its improvement features. These types of features are not found in any other systems. File hiding places in Windows should not be used because of their habit of generating spyware and viruses. These things destroy all the qualities of the product. The Windows registry should be used for more purposes because it has various good features: it helps in restoring data, and its best feature is multi-user working. It is recommended that for the implementation of the product all the features of Windows recovery must be used. Start-up tasks should not be used because of the limitation discussed above. Data recovery software and the forensic software tools must be used, because the product requires features like the recovery of deleted files, which is provided by the recovery software, and reducing, in fact stopping, misuse of the computer is done by the use of Windows forensic software tools.

After this research my mind is totally set on the implementation of my product, as the product is the outcome of research and development.