
Vista is here - what does it mean for us?

15 Posts
10 Users
0 Reactions
915 Views
steve862
(@steve862)
Estimable Member
Joined: 19 years ago
Posts: 194
 

Hi,

At present BitLocker is turned off by default and is only on the two more expensive versions of Windows. It requires a compatible BIOS and either a TPM chip on the motherboard or a USB pen drive to store the required hash file.

Having had BitLocker explained to me by Microsoft technicians I came to the conclusion that so much can go wrong with it, that lots of people wouldn't choose to use it. Already we have encryption tools that are very secure and yet people don't use them very often. I really can't see many people putting their trust in a brand new Microsoft product yet.

BitLocker was created to secure data on laptops left in taxis, trains etc by dim-witted reps, politicians, civil servants etc, etc. If these people are sufficiently dim to leave a laptop containing important (even top secret) data they are therefore dim enough to screw up using a laptop with BitLocker enabled. When you consider a hash of the boot sector needs to match what is in the TPM chip for the boot sector to be 'unlocked' you can see how Mr Civil Servant is going to be capable of messing up his boot sector without updating the chip, BIOS etc using the BitLocker 'wizard'.

We are beginning to move towards live acquisitions but I don't think BitLocker is going to speed up that approach very much.

Steve
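
The boot-sector check steve862 describes above, as an added example that is not part of the original post: a simplified Python model of a TPM 1.2 style measured boot, in which a key is released only if the hash chain over the boot components matches the value it was sealed to. `ToyTPM`, the single PCR, the boot chain and the key are constructed for illustration and are not BitLocker's actual layout.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold an ordered boot chain into one PCR, starting from all zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Hypothetical stand-in for seal/unseal; a real TPM keeps the secret in hardware."""
    def seal(self, secret: bytes, pcr: bytes) -> dict:
        return {"secret": secret, "bound_pcr": pcr}

    def unseal(self, blob: dict, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(blob["bound_pcr"], current_pcr):
            raise PermissionError("PCR mismatch: volume key stays sealed")
        return blob["secret"]

def try_boot(tpm, blob, components):
    """Return the key if this boot chain measures to the sealed value, else None."""
    try:
        return tpm.unseal(blob, measure_boot(components))
    except PermissionError:
        return None

# Constructed sample data, not real boot code or key material.
BOOT_CHAIN = [b"constructed MBR code", b"constructed boot sector",
              b"constructed boot manager"]
VOLUME_KEY = b"constructed-volume-key"

def demo():
    tpm = ToyTPM()
    blob = tpm.seal(VOLUME_KEY, measure_boot(BOOT_CHAIN))
    altered = list(BOOT_CHAIN)
    altered[1] = b"constructed boot sector, one byte changed"
    # Unchanged chain unseals; an edited or reordered chain does not.
    return (try_boot(tpm, blob, BOOT_CHAIN),
            try_boot(tpm, blob, altered),
            try_boot(tpm, blob, BOOT_CHAIN[::-1]))

if __name__ == "__main__":
    print(demo())
```

Any change to a measured component, or to the order in which components run, yields a different final PCR value, which is why a boot sector altered without re-sealing leaves the volume locked.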


   
juo_siva
(@juo_siva)
Active Member
Joined: 19 years ago
Posts: 9
 

Looks like BitLocker will need some time before it can populate the market coz of the few reasons below

1) The motherboard of the computer must come with Trusted Computing Group (TCG) compliant BIOS
2) Two NTFS drive partitions needed, one for the system volume & the other for the OS volume (this might confuse lots of people)
3) If you wanna use USB drive to store the key, then your BIOS must support reading USB flash drives at startup

Siv


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Hi all,

I'll shortly be putting together a follow up to my Vista forensics article at Security Focus. The idea behind these short articles is to highlight some of the changes in Vista which might be of interest to forensic examiners so if there's anything you'd like to see included or have a strong opinion on something which you'd like to share (with a view to being quoted) please feel free to drop me a line.

Kind regards,

Jamie


   
hogfly
(@hogfly)
Reputable Member
Joined: 21 years ago
Posts: 287
 

Jamie,
Great, I look forward to the follow up. FYI- I've posted some information on decoding the backup and restore center in the registry on my blog forensicir.blogspot.com.


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Thanks hogfly and a very nice blog you've got there, please feel free to add it to the blogs section of the links page if you'd like (I've added it to the appropriate "resources" section for forthcoming newsletters).

Any further thoughts, comments, tips or tricks re. Vista forensics are still welcome, although I'd like to get the article done by Wednesday at the latest so don't delay!

Cheers,

Jamie


   
Page 2 / 2