
Vista is here - what does it mean for us?

Jamie
(@jamie)
Posts: 1288
Moderator
 

So, Vista (for consumers) is finally here and getting plenty of attention from a security angle but what does it mean for us as forensic examiners? What challenges will its widespread usage by consumers and businesses present us with?

Jamie

 
Posted : 31/01/2007 8:20 am
(@omagico)
Posts: 39
Trusted Member
 

As far as BitLocker goes, unless they have the Ultimate version, you'll have no worries. One of the cool forensic angles is that you can edit a photo 5 times or more and roll back the changes made back to the beginning.

One other "feature" of note is the ability after installing to change the registry to move the 1st sector of the logical volume to any sector on the hard drive.

 
Posted : 31/01/2007 10:20 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Any challenges presented by Vista will be overcome with knowledge and education, which will be achieved through training.

For example, by default, Vista does not update last access times on files. What this means, and how to work a case without this functionality, will be based on education.

H

 
Posted : 31/01/2007 5:54 pm
_nik_
(@_nik_)
Posts: 93
Trusted Member
 

BitLocker is also in the Enterprise version of Vista.

> One other "feature" of note is the ability after installing to change the registry to move the 1st sector of the logical volume to any sector on the hard drive.

Huh? That's the first time I've heard this and I'm not sure if this makes sense to me.

Also - tools have to evolve - to support BitLocker, DRM, TxF and other Vista artifacts.

There will be a lot of XML. And a lot of files.

Nik

 
Posted : 06/02/2007 7:12 am
(@chriscant)
Posts: 1
New Member
 

I heard that the Ultimate Edition also has a shredder in the recycle bin which will make recovering deleted files impossible, and again, with BitLocker, it looks like live imaging is going to have to be the future.

 
Posted : 11/02/2007 9:46 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

I've read somewhere that MS planned to release a completely new file system for Vista. I'm not sure whether that was scrapped or just delayed, but that will have an effect on tools and techniques when it eventually surfaces.

 
Posted : 11/02/2007 10:01 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Just to follow on from that last point, I've been looking for some detailed info on Vista's filesystem(s) for an article I'm writing but without much success so far. If anyone knows of any useful online resources, please post the URLs. Thanks!

Cheers,

Jamie

 
Posted : 12/02/2007 1:52 pm
(@nabiy)
Posts: 6
Active Member
 

You're right. Vista should still be using NTFS.

The WinFS team blog has some info about it not being in Vista (as in not ever being in Vista in the future):
http://blogs.msdn.com/winfs/

 
Posted : 12/02/2007 5:20 pm
(@fatrabbit)
Posts: 132
Estimable Member
 

Vista does still use NTFS. However, the new WinFS file system will be released sometime in 2008. Not sure whether it'll end up in any version of Vista or just Longhorn.

 
Posted : 12/02/2007 9:14 pm
juo_siva
(@juo_siva)
Posts: 9
Active Member
 

> I heard that the Ultimate Edition also has a shredder in the recycle bin which will make recovering deleted files impossible, and again with the bitlocker looks like live imaging is going to have to be the future.

I guess you're right, live imaging will be the future because direct disk acquisition & boot disk acquisition will not work with BitLocker enabled… BTW, is BitLocker turned on by default?

 
Posted : 13/02/2007 10:52 am