Forensics: Implications of Windows Vista

The document attached is entitled Forensic Implications of Windows Vista, by Barrie Stewart.

This is a detailed document about computer forensics and Vista, it appears to have disappeared from easy access on the web, so it’s posted here.  No rights are claimed over this, so if anybody wants this taking off this site, please contact the site.

Abstract
Windows XP was launched in 2001 and has since been involved in many digital investigations. Over the last few years, forensic practitioners have developed a thorough understanding of this operating system and are fully aware of any challenges it may create during an investigation. Its successor, Windows Vista, was launched in January 2007 and is
fast on its way to becoming the platform of choice for new PCs. Vista introduces many new technologies and refines a number of features carried over from XP. This report focuses on some of these technologies and, in particular, what effect they have on digital investigations.

Read more……

Foreniscs Quizzes are on the move

The following quizzes have now been moved to the new site:

A selection of computer forensics tests and quizzes are available the parent site Where Is Your Data?, these include:

Computer Forensics – NTFS (1) (theory)

Computer Forensics – NTFS (2) (theory)

Computer Forensics  – Law (theory)

Who’s Who (in computer forensics and electronic discovery)

The following quizzes have not all been moved across to the new site yet, but are being moved across (all in good time)

Forensics: Importing Hashsets into EnCase (Part 2)

Part 2, of the series. Part 1, of how to import hashes into EnCase is available here.

Forensics: Importing Hashsets into EnCase (Part 1)

Forensics: Importing Hashsets into EnCase (Part 1)

Forensics: FTK Tips

Access Data latest tips for FTK, on YouTube.