Remote access forensics for VNC and RDP on Windows platform

Author

Paresh Kerai, Edith Cowan University

Date of Award

2010

Document Type

Thesis

Publisher

Edith Cowan University

Degree Name

Bachelor of Computer Science Honours

School

School of Computer and Security Science

Faculty

Faculty of Computing, Health and Science

First Supervisor

Professor Craig Valli

Abstract

There has been a greater implementation of remote access technologies in recent years. Many organisations are adapting remote technologies such as Virtual Network Computing (VNC) and remote desktop (RDP) applications as customer support application. They use these applications to remotely configure computers and solve computer and network issues of the client on spot. Therefore, the system administrator or the desktop technician does not have to sit on the client computer physically to solve a computer issue. This increase in adaptation of remote applications is of interest to forensic investigators; this is because illegal activities can be performed over the connection. The research will investigate whether remote protocols and applications do produce and leave valuable artefacts behind on Windows systems. The research aim to determine and retrieve any artefacts left behind remote protocols and applications in a forensic manner. Particular remote applications are selected to perform the research on and initial analysis will be performed on the applications to evaluate the potential forensic artefacts present on the computer system. The research will focus on Windows XP service packs 1, 2 & 3 for analysis of the remote applications and find out what artefacts if any are left behind these systems.

Recommended Citation

Kerai, P. (2010). Remote access forensics for VNC and RDP on Windows platform. Edith Cowan University. https://ro.ecu.edu.au/theses_hons/8