Has anyone had any problems with forensic softwares when migrating to Win XP SP3 ?
If so, please share.
Thanks!
I've heard of USB ports slowing down.
I've also heard of issues on AMD processors - but that could have been user error.
I have not updated any of our machines to SP3. Still waiting for the fallout….
-=Art=-
A colleague found that EnCase Physical Disk Emulator didn't work after installing SP3.
I must admit that I don't tend to update the OS on my forensic machines at all, they're not connected to the internet anyway and I'm happy with the level of security of our network.
Its' one of those…if it hasn't broken, don't fix it things.
I'm currently testing SP3 on a few forensic machines.
Havent had any issues yet.
General PC performance does appear to increase.
Personally havent seen a decrease on USB performance (though i'll test this a little more)
Its going to be a while though before i have the courage to roll it out to all lab machines.
Tom
Is it a clean install that you have then installed SP3 on, or a current machine with all your programs and utilities on that you have upgraded?
A colleague found that EnCase Physical Disk Emulator didn't work after installing SP3.
What version of EnCase was this?
A colleague found that EnCase Physical Disk Emulator didn't work after installing SP3.
I must admit that I don't tend to update the OS on my forensic machines at all, they're not connected to the internet anyway and I'm happy with the level of security of our network.
Its' one of those…if it hasn't broken, don't fix it things.
Well…
I looked at the new features/enhancements in SP3 and I think I'm gonna stick with SP2. The benefits of SP3 might not be worth the risks… Although I kinda liked the WPA2 support for our laptops…
It's still interesting to see what happened when people switched to SP3.
A colleague found that EnCase Physical Disk Emulator didn't work after installing SP3.
What version of EnCase was this?
6.11 I think.
Initially he reinstalled EnCase after uninstalling it from Add/Remove Programs, that didn't work so he uninstalled SP3 and suddenly it worked.
It may have just been a driver conflict, who knows, and maybe a clean install with SP3 and then EnCase would work.
I've certainly had too many problems with forensic machines after updates that I don't even bother now, who am I protecting the machine against on my closed network?
So far I've encountered no issues with any forensic software. I haven't seemed to notice a slow-down in USB performance but I'll post if I come across it.
Which brings up an interesting question
Do clients, courts, "consumers of digital forensic services," require updated software, patches, &c.? There is probably lattitude (as long as it works…) but I could see a defense attorney hammering this point.
Or… must the examining station be identical to the suspect machine(s)? Especially since Windoze has a tendency to have, well, no standardization in artifact placement. Consider that there are five (5) different OSes which Microsoft calls Windows 95. A little "improvement" here, a small change there, throw in a few new & improved dlls, and soon Files of Interest are hiding in plain sight.
Looks like yet another grey area. What are accepted industry practices?