View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Embry-Riddle Aeronautical University Journal of Digital Forensics, Security and Law Volume 3 Number 4 Article 2 2008 Extraction and Categorisation of User Activity from Windows Restore Points Damir Kahvedžić University College Dublin Tahar Kechadi University College Dublin Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, and the Information Security Commons Recommended Citation Kahvedžić, Damir and Kechadi, Tahar (2008) "Extraction and Categorisation of User Activity from Windows Restore Points," Journal of Digital Forensics, Security and Law: Vol. 3 : No. 4 , Article 2. DOI: https://doi.org/10.15394/jdfsl.2008.1049 Available at: https://commons.erau.edu/jdfsl/vol3/iss4/2 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact
[email protected]. Journal of Digital Forensics, Security and Law, Vol. 3(4) Extraction and Categorisation of User Activity from Windows Restore Points Damir Kahvedžić
[email protected] Computer Science and Informatics University College Dublin, Ireland Dr.Tahar Kechadi
[email protected] Computer Science and Informatics University College Dublin, Ireland ABSTRACT The extraction of the user activity is one of the main goals in the analysis of digital evidence. In this paper we present a methodology for extracting this activity by comparing multiple Restore Points found in the Windows XP operating system.