Browsing by Author "Chivers, Howard"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Open Access An analysis of the structure and behaviour of the Windows 7 operating system thumbnail cache(University of Strathclyde, Glasgow, 2011-06-28) Morris, Sarah; Chivers, HowardOperating systems such as Windows 7 implement a thumbnail cache structure to store visual thumbnails and associated metadata. There is no standard implementation of a thumbnail cache or its functions, which has led developers to implement their own structures and behaviour. The artefacts present within a thumbnail cache are of interest to a forensic analyst as they can provide information on files within the system which may be of use to the investigation. This research investigates the structure and behaviour of the thumbnail cache implemented in Windows 7 and shows that as well as storing information relating to visual thumbnails the cache also stores the names of networked computers, GUIDs relating to system artefacts and allocated drive letter information. It also shows that due to the behaviour of the cache, information such as records relating to files which are no longer on the system may be available, proving interesting forensic evidence.Item Open Access A deployment value model for intrusion detection sensors(Springer, 2010-02-18T00:00:00Z) Shaikh, Siraj A.; Chivers, Howard; Nobles, Philip; Clark, John A.; Chen, HaoThe value of an intrusion detection sensor is often associated with its data collection and analysis features. Experience tells us such sensors fall under a range of different types and are diverse in their operational characteristics. There is a need to examine some of these characteristics to appreciate the value they add to intrusion detection deployments. This paper presents a model to determine the value derived from deploying sensors, which serves to be useful to analyse and compare intrusion detection deployments.