Windows Vista: Serious Challenges for Digital Investigators. Authors: Darren Hayes, Shareq Qureshi. Presented by: Prerna Gupta.

Vista Overview  Not all users are the same:  Generation X: Internet, Multimedia, Social Networking, Gaming  Middle-Aged (Baby Boomers): Tech-Savvy  Senior Citizens

Security Changes  User Account Control  Firewall  Authentication  Network Access Protection  Windows Service Hardening  Anti-Malware  Data Protection  Windows Parental Controls

Firewall  Application-Aware Outbound Filtering  Group Policy Settings (Enterprise Administrators)  An Application Can Run Locally but Be Blocked from Communicating Across the Network  IPv6 Connection Filtering

Authentication  Pluggable Custom Authentication:  Biometrics  Tokens  Authentication with Passwords & Smart Cards

Anti-Malware  Windows Defender: Pop-Ups, Slow Performance, Spyware; Software Explorer  Windows Live OneCare (Spyware & Anti-Virus)  Real-Time Protection

Data Protection  Protection Against Offline Attacks  BitLocker Drive Encryption (Trusted Platform Module for Secure Generation and Storage of Cryptographic Keys)  Encrypting File System (EFS)

Benefits to Investigations  Control, Ownership & Intent: Varying Levels of Users, New Methods of Authentication  Scheduled Backup & Restore: Automatic Shadow Copies by Default, up to 15% of the Volume Reserved for Them

Challenges to Investigators  Encryption: BitLocker Drive Encryption of the Hard Drive (AES, Keys Protected by the TPM); Encrypting File System (EFS); Encrypted Windows Mail  Reduction in Metadata  Automatic Defragmentation

Event Logging  Each Event Records Time, SID, Source, Message  More than 50 Logs by Default  C:\Windows\System32\winevt\Logs\  Application.evtx  HardwareEvents.evtx  Internet Explorer.evtx  Security.evtx  Setup.evtx  System.evtx, More…

Changes in Evidence  System Time Change Event  Events Are XML, but Stored in a Binary XML (BXML) Encoding rather than Plain Text  Practical Test on Windows XP and Vista: a Person Wants to Change the System Time after the Crime  Possible in Both, but Shown only in Vista
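The time-change event in worked form, as an added example that is not part of the original presentation: the Vista Security log records event ID 4616 ("The system time was changed") with the old and new clock values in its EventData, and exporting an event from Event Viewer yields XML of the shape used here. The two sample events are constructed (user, SID, logon ID and process are made up); the element names and namespace follow the Vista event schema.

```python
"""Detect system-time changes in Windows Vista Security log events (XML form)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace used by every Vista event when rendered as XML
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVENT_SYSTEM_TIME_CHANGED = 4616

# Constructed sample: a user set the clock back five days (all values made up)
TIME_CHANGE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4616</EventID>
    <TimeCreated SystemTime="2009-04-02T21:05:17.312Z" />
    <Channel>Security</Channel>
    <Computer>VISTA-PC</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1000000001-1000000002-1000000003-1001</Data>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">VISTA-PC</Data>
    <Data Name="SubjectLogonId">0x1f2a3</Data>
    <Data Name="PreviousTime">2009-04-02T21:05:17.312Z</Data>
    <Data Name="NewTime">2009-03-28T09:00:00.000Z</Data>
    <Data Name="ProcessId">0x4c8</Data>
    <Data Name="ProcessName">C:\\Windows\\System32\\rundll32.exe</Data>
  </EventData>
</Event>"""

# Constructed sample of an unrelated event (a logon), to show that it is skipped
OTHER_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2009-04-02T20:59:03.000Z" />
    <Channel>Security</Channel>
    <Computer>VISTA-PC</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
  </EventData>
</Event>"""


def parse_system_time(value):
    """Vista writes ISO 8601 UTC timestamps with fractional seconds and a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def parse_time_change(xml_text):
    """Return a summary dict for a 4616 event, or None for any other event ID."""
    root = ET.fromstring(xml_text)
    if int(root.findtext("e:System/e:EventID", namespaces=NS)) != EVENT_SYSTEM_TIME_CHANGED:
        return None
    data = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    previous = parse_system_time(data["PreviousTime"])
    new = parse_system_time(data["NewTime"])
    return {
        # TimeCreated is the log's own stamp; compare it with PreviousTime and NewTime
        # to see which clock other events around it were written under.
        "logged_at": parse_system_time(root.find("e:System/e:TimeCreated", NS).get("SystemTime")),
        "user": f'{data["SubjectDomainName"]}\\{data["SubjectUserName"]}',
        "process": data["ProcessName"],
        "previous": previous,
        "new": new,
        "delta_seconds": (new - previous).total_seconds(),
        # A clock moved backwards is the classic sign of an attempt to backdate activity
        "backdated": new < previous,
    }


def find_time_changes(events_xml):
    """Filter a sequence of event XML strings down to the time-change records."""
    results = [s for s in (parse_time_change(x) for x in events_xml) if s is not None]
    # Oldest first by the log's own stamp, so successive changes read as a sequence
    return sorted(results, key=lambda r: r["logged_at"])
```

Rendered XML of this shape is what Event Viewer shows on the Details tab (XML View) and writes when events are saved as XML; the .evtx file itself stores the same structure in binary XML and needs a dedicated parser before this code can be applied to it.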

Changes in Evidence (Cont.)

Event Viewer in XP

Event Viewer in Vista

Disk Defragmentation  Works the Same Way in XP as in Vista  Simplified GUI, but of More Concern to Investigators  Disk Defragmentation Is Scheduled to Run Automatically  Implications for the Recovery of Deleted Files

XP Disk Defragmenter

Vista Disk Defragmenter

Last Access Dates  In Windows XP, Last Access Dates Were Updated by Default  In Windows Vista They Are No Longer Updated: NtfsDisableLastAccessUpdate (HKLM\SYSTEM\CurrentControlSet\Control\FileSystem) Is Set to 1 by Default; on a Live System fsutil behavior query DisableLastAccess Shows the Setting  This Default Setting Has a Severe Impact on Investigators Who Rely on Date Stamps as Part of Their Analysis

Windows Firewall  Filters Incoming and Outgoing Network Connections  From a Forensic Perspective: the Logging Mechanism  Logging Is Disabled by Default  C:\Windows\System32\LogFiles\Firewall\pfirewall.log
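An added example of what the investigator gets once that log exists; it is not code from the original presentation. pfirewall.log is W3C Extended Log Format: comment lines begin with '#', and the '#Fields:' line names the columns, which is what the parser below keys on rather than hard-coding positions. The log content is constructed (addresses, ports and times are made up); the field list is the one Vista writes.

```python
"""Parse the Windows Firewall log (pfirewall.log) and summarise dropped inbound traffic."""
from collections import Counter

# Constructed sample of a Vista pfirewall.log after logging has been enabled
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-04-02 21:03:55 DROP TCP 10.0.0.7 10.0.0.12 49231 445 52 S 3246818304 0 8192 - - - RECEIVE
2009-04-02 21:03:56 DROP TCP 10.0.0.7 10.0.0.12 49232 139 52 S 3246818305 0 8192 - - - RECEIVE
2009-04-02 21:04:01 ALLOW TCP 10.0.0.12 93.184.216.34 49233 80 0 - 0 0 0 - - - SEND
2009-04-02 21:04:09 DROP UDP 10.0.0.7 10.0.0.12 1900 1900 137 - - - - - - - RECEIVE
2009-04-02 21:05:20 DROP ICMP 10.0.0.7 10.0.0.12 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per data line, keyed by the column names from the #Fields header."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives (#Version, #Software, #Time Format) are skipped
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or corrupt line: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def _dropped_inbound(records):
    """Dropped packets that arrived from the network and carry a destination port."""
    return [r for r in records
            if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-port"] != "-"]


def dropped_inbound_by_port(records):
    """Count dropped inbound packets per (protocol, destination port)."""
    return Counter((r["protocol"], int(r["dst-port"])) for r in _dropped_inbound(records))


def sources_probing(records, min_ports=2):
    """Source addresses whose dropped traffic touched at least min_ports distinct ports."""
    ports_by_src = {}
    for r in _dropped_inbound(records):
        ports_by_src.setdefault(r["src-ip"], set()).add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports_by_src.items() if len(p) >= min_ports}
```

Two caveats for timeline work: the '#Time Format: Local' directive means the stamps are in the machine's local time zone, not UTC, so they must be converted before correlation with the UTC SystemTime values in the event logs; and because logging is off by default, the absence of a file says nothing about the absence of traffic. On a live Vista system, netsh advfirewall set allprofiles logging droppedconnections enable turns dropped-packet logging on.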

Windows Search Engine  Windows Vista: New Search Engine and Indexing Feature  Users Can Now Save Their Searches and Review the Results  C:\Users\XXXX\Searches  The Indexing Service Quickly Locates Files  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles  Vista Maintains Several Index Files

Shadow Volume Copy  Acts at the Block-Device Level: a Layer Between the Device & the File System  When an Application Writes Data to Disk, the Block About to Be Overwritten Is First Copied into the Shadow Copy (Copy-on-Write)  The Shadow Copy Holds only the Blocks that Changed
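The copy-on-write behaviour just described, modelled on a tiny block device as an added example (not code from the original presentation or from Windows). The block size, block count and file contents are made up; Volume Shadow Copy itself works on 16 KB blocks. The scenario shows why an in-place overwrite of a file does not remove it from an earlier shadow copy, and why blocks that were never rewritten occupy no space in the differencing store.

```python
"""Copy-on-write shadow copies, modelled on a tiny block device."""


class Volume:
    """A volume of fixed-size blocks with copy-on-write snapshots (VSS-style)."""

    def __init__(self, block_size, block_count):
        self.block_size = block_size
        self.blocks = [bytes(block_size) for _ in range(block_count)]
        # One differencing store per snapshot: block index -> contents at snapshot time
        self.snapshots = []

    def create_shadow_copy(self):
        """Taking a snapshot copies nothing; it only opens an empty differencing store."""
        self.snapshots.append({})
        return len(self.snapshots) - 1

    def write_block(self, index, data):
        if len(data) != self.block_size:
            raise ValueError("writes are whole blocks in this model")
        # Copy-on-write: before the live block is overwritten, every snapshot that has
        # not yet preserved this block saves the OLD contents. A block rewritten twice
        # is saved once; a block never rewritten is never saved.
        for store in self.snapshots:
            if index not in store:
                store[index] = self.blocks[index]
        self.blocks[index] = data

    def read_block(self, index, snapshot=None):
        """Live read, or the snapshot's view: the store if the block changed, else live."""
        if snapshot is None:
            return self.blocks[index]
        return self.snapshots[snapshot].get(index, self.blocks[index])

    def changed_blocks(self, snapshot):
        return sorted(self.snapshots[snapshot])

    def store_size(self, snapshot):
        return len(self.snapshots[snapshot]) * self.block_size


def overwrite_scenario():
    """A file is written, a shadow copy is taken, then the file is wiped in place."""
    vol = Volume(block_size=16, block_count=8)
    # A two-block document occupies blocks 2 and 3 (constructed content)
    vol.write_block(2, b"dear diary,".ljust(16))
    vol.write_block(3, b"I did it.".ljust(16))
    snap = vol.create_shadow_copy()

    # The user overwrites the document with zeros before deleting it...
    vol.write_block(2, b"\x00" * 16)
    vol.write_block(3, b"\x00" * 16)
    # ...and one unrelated write happens elsewhere; its old block is preserved too
    vol.write_block(5, b"new log entry".ljust(16))

    return {
        "live": vol.read_block(2) + vol.read_block(3),
        "from_shadow": vol.read_block(2, snap) + vol.read_block(3, snap),
        "changed_blocks": vol.changed_blocks(snap),
        "store_bytes": vol.store_size(snap),
        "untouched_block_in_store": 4 in vol.snapshots[snap],
    }
```

The store is a sparse map of old blocks, which is what lets Vista keep snapshots cheaply and what makes them useful to an investigator. The limit is the reserved space: when the store fills, the oldest shadow copies are discarded, so the recoverable window depends on how much the volume has been written since. On a live system vssadmin list shadows enumerates the snapshots present.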


Conclusion  Problem of Control, Ownership & Intent  Challenges with BitLocker Encryption & TPM  Restoration & Shadow Copy are Helpful