Forensics in Thin Client and VxD environments
Could you share your experience, handling forensic investigations involving associates on thin clients, coming in through Citrix. In most cases, the temporary files are kept in profile servers and dropped when the user logs out. Examining the thin client may not really be of much help. With Virtual desktops deployments getting more and more popular this year (where the desktop is completely destroyed like a VM session, after the session is done), the traditional forensic approaches may not help. Any thoughts on countering these new challenges?