A behavior monitor system for the users of Windows 10

• Main Authors: HSIEH, MEI-NA, 謝美娜
• Other Authors: WENG, SHIUH-KU
• Format: Others
• Language: zh-TW
• Published: 2018
• Online Access: http://ndltd.ncl.edu.tw/handle/g6562r

碩士 === 國防大學 === 網路安全碩士班 === 106 === Abstract This thesis is to develop a behavior monitor system for the users of Windows 10. The monitor system, named JumpListM monitor, is the first one which applies the records of the Jump Lists to monitor the behavior of computer users. The system is replying on the Jump Lists which keep the records of recently accessed files and directories as well as group them as per application basis. Owing to the Jump Lists including a lot of records, in this thesis, the records will be rendered to monitor the behavior and display the results of visualization. Jump Lists have drawn much attention in the field of digital forensics since they were firstly introduced in the release of Windows 7. Although there have been many tools developed for running in Windows 7 and 8 for the analysis of Jump Lists, those cannot be run in Windows 10. The reason is that Jump Lists of Windows 10 are different from those of the previous version of Windows. Therefore, it is a challenge to design an analysis tool of Windows 10 Jump Lists. The JumpListM monitor is implemented as a GUI tool by Python 3.5. It can monitor what kinds of software and what time a user respectively run every software in a computer. According to the information, Users’ behavior can be monitored. Key Words: Jump Lists、Digital Forensics、Windows 10、Monitor tool。