Slashdot Mirror


Vista For Forensic Investigators

Ant writes "SecurityFocus has a two-part article offering a high-level look at changes in Windows Vista that a computer forensic investigator needs to know about. Part 1 covers the different versions of Vista available and Vista's built-in encryption, backup, and system protection features. Part 2 continues with a look at typical user activities such as Web browser and email usage."

4 of 125 comments

  1. Oh n0es by mboverload · · Score: 4, Interesting

    The smart people already use drive encryption via TrueCrypt and other methods.

    This may make it easier for the not so completely stupid criminals to protect themselves, but I doubt it will have any real effect.

    People are stupid. That's why they get caught.

    1. Re:Oh n0es by Detritus · · Score: 4, Interesting

      There is a legal distinction between testimony and material objects like diaries and journals. From what I've read, a court can compel someone to hand over material objects, like a safe, but it can't compel someone to say the combination. This issue came up quite often during Prohibition. Many rum runners kept their business records in code. The government would often seize these records during a raid. The government used their own cryptanalysts to break the codes and testify in court as expert witnesses.

      --
      Mea navis aericumbens anguillis abundat
  2. encrypted backups? by RedElf · · Score: 5, Interesting

    After reading the article (I know we're not supposed to do that) I'm a little confused about whether, if you back up an encrypted volume, the backup is also encrypted. If not, doesn't that defeat the whole purpose of encrypting that data in the first place?

    --
    You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
  3. Encryption use is low anyway... by Blittzed · · Score: 3, Interesting

    Part of my job entails working with law enforcement officials in the field of digital forensics. They have told me that the use of any encryption system by criminals is very low, to the point of non-existent. This is fortunate for the Police, as it makes it easier for them to keep these scumbags off the streets (unfortunately a lot of the crime they deal with is child pornography). There are so many barriers to BitLocker's use (TPM, correct version of Vista, off by default, etc.) that its widespread use just doesn't seem likely. If the bad guys aren't using EFS and other encryption systems now, and these are easy to implement, why would they bother going through the hassle to use BitLocker? There are also laws being enacted in certain countries to force the bad guy to give up passwords/keys etc. (i.e. we are going to lock you up until you give it to us so you may as well do it now...).

    --
    "They looked deep into my soul and assigned me a number based on the order in which I joined"