Windows Vista and digital investigations |
| |
| Affiliation: | 1. Department of Informatics and Sensors, Cranfield University, Shrivenham SN68LA, United Kingdom;2. Hi-tech Crime Unit, North Wales Police, Colwyn Bay, LL29 8AW, Wales, United Kingdom;1. Center for Behavioral Epidemiology and Community Health, San Diego, California;2. University of Southern California Keck School of Medicine, Los Angeles, California;3. Directing Medicine LLC, Baltimore, Maryland;4. Johns Hopkins Bloomberg School of Public Health, Baltimore, Maryland;5. Johns Hopkins School of Medicine, Baltimore, Maryland;6. Harvard Medical School, Boston, Massachusetts |
| |
| Abstract: | Several of the new features of Windows Vista may create challenges for digital investigators. However, some also provide opportunities and create interesting new evidential artefacts which can be recovered and analysed. This paper examines several of these new features and describes methods for recovering shadow copies of files from Restore Points, identifying BitLocker on a system, the importance of recovery keys in dealing with BitLocker encrypted volumes and also the problems that User Account Control could cause for live investigations. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
