I'm looking into a case where Windows 7 Beta/RC is the OS.
The case here is that the suspect has been hacking into a network and changed some of the data there. We know what was changed and we have logs confirming the intrusion into the network. The logs come from the network administration.
Does anyone have any experience analyzing Windows 7? I would be happy if anyone could offer some guidance.
Thanks.
From what perspective? What are you looking to analyze, or determine through analysis?
From some perspectives, there is not a great deal of difference between Windows 7 and other Windows versions…in other instances, there are significant differences. If you could provide some details with respect to what it is you're looking for, it might be easier to assist.
h
Thanks for responding. I should have been more specific in what I'm looking for.
What I'm looking for is logs or other clues that can tell me if the suspect has been hacking the network and/or used another person's username and password to access the network, and which sites he has connected to. We have traced an IP address to his home address, and we have the time when the intrusion occurred. Hope this is clearer. I use EnCase and NetAnalysis.
OT, sorry, but
In other words, a hacker actually using Windows 7? 😯
jaclaz
A good start is to do a scan for the hosts he tried to connect to, as most logs are plain ASCII text files. You could also give the thesis "Forensic Implications of Windows Vista" by Barrie Stewart a try. From what I have seen, Vista seems to be very similar to Windows 7. To be honest, I have not seen any major differences yet, but I have not dug deep into it yet either.
And as jaclaz said, I would not really call this hacking. It seems someone misused a known account. A good clue that this is not hacking is the usage of Windows 7 ;).
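The keyword-and-time-window scan suggested above, as an added example that is not part of the original thread: it skips non-text files, parses each log line's timestamp, and keeps only lines inside the intrusion window that mention the known target host or account. The file names, the log layout and the sample lines are all constructed assumptions; the target IP is a documentation address, not a real one.

```python
import re
from datetime import datetime

# Constructed sample "files" (path -> contents). In a real case these would
# be read out of the mounted evidence image, not from an in-memory dict.
SAMPLE_FILES = {
    "C:/Users/suspect/AppData/connections.log": (
        "2009-03-10 21:58:02 connect host=fileserver.corp.example user=jsmith\n"
        "2009-03-10 22:03:44 connect host=192.0.2.15 user=jsmith\n"
        "2009-03-11 09:12:00 connect host=update.vendor.example user=suspect\n"
    ),
    # a binary blob that must be skipped rather than scanned as text
    "C:/Windows/Temp/binary.dat": b"\x00\x01\x02\xff".decode("latin-1"),
}

# assumed line format: "<YYYY-MM-DD HH:MM:SS> <rest of line>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")


def is_plain_text(content, sample=512):
    """Cheap check that the first bytes look like printable ASCII text."""
    return all(ch in "\r\n\t" or 32 <= ord(ch) < 127 for ch in content[:sample])


def find_hits(files, keywords, start, end):
    """Return (path, timestamp, line) for every text-file line whose
    timestamp lies in [start, end] and that mentions any keyword.
    Widen the window to cover clock skew between the network logs
    and the suspect's machine before trusting a negative result."""
    hits = []
    wanted = [k.lower() for k in keywords]
    for path, content in files.items():
        if not is_plain_text(content):
            continue
        for line in content.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if start <= ts <= end and any(k in line.lower() for k in wanted):
                hits.append((path, ts, line))
    return hits


if __name__ == "__main__":
    window = (datetime(2009, 3, 10, 21, 0, 0), datetime(2009, 3, 10, 23, 0, 0))
    for hit in find_hits(SAMPLE_FILES, ["192.0.2.15", "jsmith"], *window):
        print(hit)
```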
Thanks for responding. You are correct, this is not hacking. The suspect used another person's username and password, and I will be searching for those on the suspect's computer.