Vista For Forensic Investigators
Ant writes "SecurityFocus has a two-part article offering a high-level look at changes in Windows Vista that a computer forensic investigator needs to know about. Part 1 covers the different versions of Vista available and Vista's built-in encryption, backup, and system protection features. Part 2 continues with a look at typical user activities such as Web browser and email usage."
One misconception is that encryption in Vista is turned on "by default." Actually, it is not. In fact, it is not even available in most versions of Vista. Vista is available in five SKUs, only two of which support encryption (a feature known as "BitLocker", or "BitLocker Drive Encryption" - BDE). Vista Home Basic, Media Edition, and Business *do not* support BDE. Vista Enterprise and Ultimate - the two more expensive editions - do support BDE. Also, encryption is not turned on by default. An important step during encryption involves defining the encryption and decryption keys. This cannot be done by default by someone other than the owner of the system. If it could, then that someone else would be able to gain access to the secure data - exactly what is trying to be controlled.
Please mod me only (+) Underrated or (-) Troll
Actually, that's not correct. BitLocker does not "require" TPM 1.2; it CAN be used without it. You can boot from a USB drive, make a few edits in the local policy, or manually set the 48-digit recovery password, just to name a few.
And just about any computer manufactured after January 2006 will have TPM 1.2.
Repant. Thy end is sheer.