Abstract
Cortana is one of the new features introduced by Microsoft in its latest version of desktop operating systems, i.e., Windows 10. The feature is identified by the “Ask me anything” text box at the Start Menu and can be used for a number of tasks such as setting up reminders based on time, place, and person; searching the local device or the web; sending emails and texts; and more. The feature keeps track of when and where reminders were finalized; as a result, evidentiary artifacts related to reminders are recorded in a back-end database. The forensic examination of Cortana has been largely unexplored in the literature as the platform is relatively new. This paper seeks to determine the databases created by Cortana, their format, and the type of information recorded in these databases. As a part of this paper, six custom Python scripts have been developed for decoding and exporting data to aid forensic investigators. Furthermore, several experiments are conducted to extract information related to reminders, such as the created and last-updated timestamps of a reminder, the type of reminder, when a reminder was finalized, and where it was finalized. Finally, the forensic usefulness of information stored in a Cortana database is demonstrated in terms of a location timeline constructed over a period of time.
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Singh, B., Singh, U. (2019). Forensic Implications of Cortana Application in Windows 10. In: Sa, P., Bakshi, S., Hatzilygeroudis, I., Sahoo, M. (eds) Recent Findings in Intelligent Computing Techniques. Advances in Intelligent Systems and Computing, vol 707. Springer, Singapore. https://doi.org/10.1007/978-981-10-8639-7_7
DOI: https://doi.org/10.1007/978-981-10-8639-7_7
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8638-0
Online ISBN: 978-981-10-8639-7
eBook Packages: Intelligent Technologies and Robotics (R0)