
Vista Makes Forensic PC Exam Easier for Lawyers

Katharine writes "Jason Krause, a legal affairs writer for the American Bar Association's 'ABA Journal' reports in the July issue that Windows Vista will be a boon for those looking for forensic evidence of wrongdoing on defendants' PCs and a nightmare for defendants who hoped their past computer activities would not be revealed. Krause quotes attorney R. Lee Barrett, 'From a [legal] defense perspective, [Vista] scares me to death. One of the things I have a hard time educating my clients on is the volume of data that's now discoverable.' This is primarily attributable to Shadow Copy, TxF and Instant Search."
  • by Ravnen ( 823845 ) on Saturday July 14, 2007 @07:30AM (#19858387)
    Vista actually has a full-drive encryption mechanism, called 'BitLocker'. If it's enabled, I suppose any attempt at forensic examination would require either (a) the permission of the owner, or (b) breaking the encryption.
  • by PsyQo ( 1020321 ) on Saturday July 14, 2007 @07:38AM (#19858425)
    Put the entire virtual machine + disks on an encrypted TrueCrypt volume.
  • by Konster ( 252488 ) on Saturday July 14, 2007 @07:41AM (#19858453)
    C) Or a court order to fork over the password.
  • Re:Just some more... (Score:4, Informative)

    by mrchaotica ( 681592 ) * on Saturday July 14, 2007 @07:43AM (#19858463)

    Why are the good points about Vista never mentioned on Slashdot?

    Because there aren't any. Seriously. I've been using Vista (Business) all summer; I should know. Yes, it has fancy GPU-accelerated graphics. But they don't do me any good because they suck my battery life (it's the difference between lasting through a lecture worth of note-taking in OneNote, or not). Yes, it has better support for Tablet PCs... but only ever so slightly better. Other than that, the only differences I notice between it and XP are all negative: shitty or missing drivers, annoying bugs, infuriating UAC (if it asked me to confirm an action once, it'd be okay. But it often asks me twice: once by the app, and once by the OS). It's so bad that -- even though Tablet PC users should have the most improved experience in Vista of any group -- I'm switching either back to XP or to Ubuntu once the semester is over.

  • Re:Just some more... (Score:5, Informative)

    by Anonymous Coward on Saturday July 14, 2007 @08:27AM (#19858651)
    Yes, we know it's more resource intensive, but it's not just the interface that's doing it. One article is from an Apple fansite which either fails to understand or doesn't want to and the other doesn't claim it's the interface at all. Bad start.

    The DRM only applies to (shock) DRM-enabled content that you buy. It was a choice between layering in the DRM or not allowing people to view that content on the PC at all, a choice enforced by the big media companies who own the content. Yes, Microsoft could have stood up and said no, and in doing so crippled Blu-ray and HD-DVD functionality in Vista. Surprisingly, despite Slashdot's wanton hatred of it (I don't particularly care for it either), very few consumers care about DRM, so they went ahead and gave people access to that content.

    For security, two of your articles were published before Vista was even released to the public, and the only relevant link just explains that if an installer requests admin mode, you can give it admin mode and it can do what it likes, citing a 'malicious freeware Tetris installer'. The article fails to mention that this happens in the same way for both OS X and Linux, instead of trying to be useful and educate readers on using their common sense when downloading software.

    Saying 'security has to be disabled for Vista to be useful' is just plain bullcrap. Turning off UAC merely stops giving you the choice to run programs as admin. UAC doesn't prevent any programs from running unless you say you don't want it to run. You may want to clarify that point.

    Expense (as always) is in the eye of the beholder (I paid my £70 and have never regretted it), and considering hard drive costs are down to 30-40 cents a Gigabyte, then the extra space costs are inconsequential. As most people only get a new OS with a new computer they will probably never even concern themselves with this point.

    You didn't provide links to prove 'clunky' or 'privacy-invading', which doesn't surprise me.

    The article you linked to for 'insecure' says "Microsoft, Kaspersky and Sophos think that you don't need kernel access to keep it safe from viruses, but Symantec and McAfee don't agree. They're bigger than the other two vendors and Microsoft is biased so they must be right".

    Your final link takes the cake because it links to a list of blogs and none of them mention Microsoft at all.

    So, why would you want to use Vista? You wouldn't. Nothing to do with usability, or features, but because you obviously prefer using Linux to the extent that you're prepared to parrot the FSF line without actually understanding it.

    My plus points with Vista include:

    - Playing MP3s and DVDs without breaking the law (fair law or not, still a law)
    - Being able to play the latest games without needing a degree in Computer Science
    - Being able to perform 99% of my system tasks without referring to the CLI
  • ERASER == goodness (Score:2, Informative)

    by Eric S Raymond ( 234230 ) on Saturday July 14, 2007 @09:25AM (#19858963) Homepage
    http://sourceforge.net/project/showfiles.php?group_id=37015 [sourceforge.net]

    Not sure if it helps in this case, though.
  • by Hatta ( 162192 ) on Saturday July 14, 2007 @10:02AM (#19859167) Journal
    TrueCrypt provides plausible deniability. So just have 2 encrypted directories. One for relatively safe stuff, one for the really bad shit. If someone forces you to give them a password, give them the relatively safe one. Since TrueCrypt volumes are indistinguishable from random data, it's impossible for them to know there's anything else in that chunk of encrypted data.
  • by Hatta ( 162192 ) on Saturday July 14, 2007 @10:53AM (#19859405) Journal
    Do your browsing on a QEMU image kept in the TrueCrypt volume. No traces.
  • What a load (Score:1, Informative)

    by Anonymous Coward on Saturday July 14, 2007 @05:14PM (#19861863)
    Sorry, I couldn't even read the whole article without freaking. I work in Electronic Discovery and am an expert in this field; large collections focus on data and data ownership. Operating system files are removed from this process as irrelevant; only user data is of interest. Machines seized in this process are shipped to facilities that catalog relevant files in a much larger review system. Anybody who desires to 'fire the machine up' also desires to deal with OS security and trusts that technology to not mask anything of value. Terabytes of data are filtered through in sets that span many fileservers and clients alike. Mac, Win, *nix, it doesn't matter. Suggesting Vista will help with this is a complete joke; all OSes are equally irrelevant. And regardless of what people might think, Lawyers are not valued for their technical competence by anybody but other Lawyers. Anybody who wants to deal with systems on a host-by-host basis will never finish reviewing all their material and will lose their case.

    Not that dumb ideas don't get passed off as brilliance.

    Ah, I feel better now. Well, it's back to crawling 12 million TIFF files of OCR paper documents for me, and no, I'm not using freakin' Vista.
  • by Sycraft-fu ( 314770 ) on Saturday July 14, 2007 @11:00PM (#19864029)
    Since things like computers didn't exist back when the Constitution was written. You can't just say "no" to anything that might convict you. For example you can't refuse to hand over a key to your house (not that they can't break the lock anyhow) or refuse to give a blood sample. So an encryption key is a real grey area. On the one hand, it isn't really testimony per se, it is more akin to a physical key and thus you should have to hand it over. On the other hand it is something that is stored solely in your head, and the intent of the 5th is that you could keep your mouth closed if you wanted to.

    Something like this would probably have to be argued in court if it came up. There is probably some precedent both ways, and I don't think there are any rulings on this specific topic.
