Dataset of Windows operating system forensics artefacts

Published: 5 April 2024 | Version 1 | DOI: 10.17632/8dfh724hvc.1
Contributors:
Pavol Sokol

Description

The dataset consists of records from the NTFS file system and event logs. In this study, we used images of devices from capture-the-flag competitions focused on the digital forensics of Windows operating systems and user activities. We created timelines of the security incident from the disk images using the Plaso tool, which we then processed, transforming the attributes of the timelines into binary values to simplify the application of data analysis and machine learning methods. The data are divided into 13 different files, and they are saved in CSV format.

Institutions

Univerzita Pavla Jozefa Šafárika v Košiciach

Categories

Cybersecurity, Computer Forensics, Disk Forensics, Data Analytics Cybersecurity

Funding

Agentúra na Podporu Výskumu a Vývoja

APVV-17-0561

Agentúra na Podporu Výskumu a Vývoja

APVV-21-0336
