论文信息 - Analysis of Windows Vista Security System for Forensic Examination

Analysis of Windows Vista Security System for Forensic Examination

Windows Vista published by Microsoft provides more powerful security mechanisms than previous Windows operating systems. In the forensics point of view, new security mechanisms make it more difficult to get data related to the criminals in a storage device. In this paper, we analyze BitLocker introduced as an new security mechanism in Windows Vista. Also, compared to the previous Windows operating systems, the changes and security issues of UAC and EFS in Windows Vista are discussed in the forensics point of view. Futhermore, we discuss other characteristics of Windows Vista useful for forensic examinations.

Neungsoo Park | Seong-Ho Hwang | Dowon Hong | Su-Hyung Jo | Hyun-Woo Nam

[1] Mark Russinovich,et al. Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer) , 2004 .

[2] Andreas Schuster. Introducing the Microsoft Vista event log file format , 2007 .