Abstract
Free Download Manager (FDM) is one of the most popular download managers due to its free availability, high download speed and versatility. It retains a lot of information of potential evidentiary value even if a user deletes web browser history, cookies and temporary internet files. The software records download activities across multiple files saved with the .SAV extension in the User Profile. This paper analyzes: 1) the Windows registry entries concerned with configuration and user settings, 2) the log files (with .SAV extension) created by FDM to trace download activities, and 3) RAM and swap files from a forensic perspective. This research work describes a number of traces left behind after the use of FDM, such as the install location, default download path, downloaded files, and menu extensions, to name a few, thus enabling digital investigators to search for and interpret download activities. The widespread use of FDM makes this research work an attractive option for forensic investigators, ranging from law enforcement agencies to employers monitoring personnel.
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Yasin, M., Wahla, M.A., Kausar, F. (2010). Analysis of Free Download Manager for Forensic Artefacts. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_6
DOI: https://doi.org/10.1007/978-3-642-11534-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11533-2
Online ISBN: 978-3-642-11534-9
eBook Packages: Computer Science (R0)