The rapid evolution of operating systems (OS) presents a continuous challenge for digital forensic investigators. With each update or new release of an OS, new features are introduced, and alongside these features come new types of data that can potentially serve as forensic artifacts. The identification and analysis of such novel artifacts are crucial for forensic investigators to keep pace with the modern digital environment. This thesis aims to explore, identify, and analyze new forensic artifacts within modern operating systems, which could provide additional insights or evidential value during digital forensic investigations (MacOS, Windows, Android, iOS)
This master project focuses on all or some of the following tasks:
- Selection criteria for the operating system to be analyzed
- Description of the operating system(s) selected for the study
- To identify and analyze novel forensic artifacts in modern operating systems
- To evaluate the potential evidentiary value of these newly identified artifacts
- To develop methodologies and/or tools for the extraction and analysis of these artifacts
- Detailed presentation of the novel forensic artifacts identified
- Discussion on the evidentiary value of the identified artifacts