Article ID Journal Published Year Pages File Type
456506 Digital Investigation 2008 15 Pages PDF
Abstract

Several of the new features of Windows Vista may create challenges for digital investigators. However, some also provide opportunities and create interesting new evidential artefacts which can be recovered and analysed. This paper examines several of these new features and describes methods for recovering shadow copies of files from Restore Points, identifying BitLocker on a system, the importance of recovery keys in dealing with BitLocker encrypted volumes and also the problems that User Account Control could cause for live investigations.

Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications
Authors
, , ,