{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:23:25Z","timestamp":1781108605370,"version":"3.54.1"},"reference-count":9,"publisher":"IGI Global Scientific Publishing","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,4,1]]},"abstract":"<p>For many computer forensics investigations, the discovery of the complete activity history of users is an essential part of the process; however, due to the complexity and variety of current modern personal computer operating systems, the availability of useful tools is limited. This limitation is based on the tools ability to retrieve the relevant data and present it to the investigator in a user friendly format. The current software tools that claim to extract user activity information put the onus on the investigator to construct the timeline from the data which can introduce errors and is time consuming. This paper discusses the development and evaluation of a new tool, the User Activity Tracker (UAT), which automates the visual presentation of the timeline process by retrieving and consolidating user activity data into a single source and producing as accurately as possible, the timeline of user activity on that computer. The UAT tool was tested against a modern commercial forensic tool and the results of this preliminary testing showed that the UAT tool was faster and required less manual intervention to produce a greater level of detail of the user\u2019s activity than the commercial tool.<\/p>","DOI":"10.4018\/jaci.2012040103","type":"journal-article","created":{"date-parts":[[2012,5,16]],"date-time":"2012-05-16T10:05:11Z","timestamp":1337162711000},"page":"35-47","source":"Crossref","is-referenced-by-count":0,"title":["Automating the Generation of User Activity Timelines on Microsoft Vista and Windows 7 Operating Systems"],"prefix":"10.4018","volume":"4","author":[{"given":"Stephen","family":"O\u2019Shaughnessy","sequence":"first","affiliation":[{"name":"Institute of Technology Blanchardstown, Ireland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anthony","family":"Keane","sequence":"additional","affiliation":[{"name":"Institute of Technology Blanchardstown, Ireland"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"jaci.2012040103-0","unstructured":"Access Data. (2011). Forensic toolkit. Retrieved September 12, 2011, from http:\/\/accessdata.com\/products\/computer-forensics\/ftk"},{"key":"jaci.2012040103-1","doi-asserted-by":"crossref","unstructured":"Buchhokz, F. (2005). CERIAS \u2013 Zeitline: a forensic timeline editor. Retrieved January 12, 2011, from http:\/\/projects.cerias.purdue.edu\/forensics\/timeline.php","DOI":"10.1007\/978-0-230-35791-4_5"},{"key":"jaci.2012040103-2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.10.002"},{"key":"jaci.2012040103-3","first-page":"187","author":"E.Casey","year":"2011","journal-title":"Digital evidence and computer crime"},{"key":"jaci.2012040103-4","author":"M.Cloppert","year":"2008","journal-title":"Ex-tip: an extensible timeline analysis framework in Perl"},{"key":"jaci.2012040103-5","author":"K.Gu\u00f0j\u00f3nsson","year":"2010","journal-title":"Mastering the super timeline with log2timeline"},{"key":"jaci.2012040103-6","doi-asserted-by":"crossref","unstructured":"Keane, A., & O'Shaughnessy, S. (2011). Tracking user activity on personal computers. In Proceedings of the 3rd International ICST Conference on Digital Forensics & Cyber Crime.","DOI":"10.1007\/978-3-642-35515-8_16"},{"key":"jaci.2012040103-7","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.008"},{"key":"jaci.2012040103-8","unstructured":"Weber, D. (2007). System combo timeline. Retrieved May 12, 2011, from http:\/\/www.cutawaysecurity.com\/blog\/system-combo-timeline"}],"container-title":["International Journal of Ambient Computing and Intelligence"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=66858","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T00:55:31Z","timestamp":1654131331000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jaci.2012040103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,4,1]]},"references-count":9,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,4]]}},"URL":"https:\/\/doi.org\/10.4018\/jaci.2012040103","relation":{},"ISSN":["1941-6237","1941-6245"],"issn-type":[{"value":"1941-6237","type":"print"},{"value":"1941-6245","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4,1]]}}}