Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
456506 | Digital Investigation | 2008 | 15 Pages |
Abstract
Several of the new features of Windows Vista may create challenges for digital investigators. However, some also provide opportunities and create interesting new evidential artefacts which can be recovered and analysed. This paper examines several of these new features and describes methods for recovering shadow copies of files from Restore Points, identifying BitLocker on a system, the importance of recovery keys in dealing with BitLocker encrypted volumes and also the problems that User Account Control could cause for live investigations.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Christopher Hargreaves, Howard Chivers, Dave Titheridge,