Notes on Vista forensics

In part one of this series we looked at the different editions of Vista available and discussed the various encryption and backup features which might be of interest to forensic examiners. In this article we will look at the user and system features of Vista which may (or may not) present new challenges for investigators and …

COMMENTS

This topic is closed for new posts.
  1. regadpellagru

    Vista and forensics, a whole chapter of law history

    "Another interesting change is that Vista is configured by default to not update the last access time on files, a decision made to increase file system performance."

    Ah, yes, no Windows version would ever be considered as complete without the Moronic TM mark !

    Why, after all, update the "last access time", each, er..., last accessed time, eh ?

    How long before we hear in court from the so-called "experts": "Your Honor, the suspect has viewed/not viewed the file just before the event, since the last access time has/hasn't been updated" ?

    "Vista ships with Windows Internet Explorer 7 for web browsing and, although forensic examiners will certainly encounter other browsers during Vista's lifetime, it seems reasonable to assume that IE7 and its Microsoft successors will represent the vast majority of browsers whose use comes under investigation."

    Possibly the only one that comes under examination, yes, given the sometimes narrow mindset of "experts" :-)

    But IE 7 seems so far, as per my IT experience and furiously "out of IT" neighbourhood experience, a bloody pain in the lower back, at best !

    Again, "experts" might just rule out that "the user has viewed/not viewed something" based on IE history only while Firefox history might be cleared on exit.

    "For the time being though, the fight between those with something to hide and those tasked with uncovering electronic evidence continues."

    Yes, indeed. And as with all fights, collateral damage is to be expected. A lot due to Vista.

    People with something to hide should switch to Firefox, while others should shout loud and clear they're loyal to IE7.
