Vista Makes Forensic PC Exam Easier for Lawyers
Katharine writes "Jason Krause, a legal affairs writer for the American Bar Association's 'ABA Journal', reports in the July issue that Windows Vista will be a boon for those looking for forensic evidence of wrongdoing on defendants' PCs and a nightmare for defendants who hoped their past computer activities would not be revealed. Krause quotes attorney R. Lee Barrett, 'From a [legal] defense perspective, [Vista] scares me to death. One of the things I have a hard time educating my clients on is the volume of data that's now discoverable.' This is primarily attributable to Shadow Copy, TxF and Instant Search."
Another Use for VMWare (Score:4, Interesting)
Another reason I'm sticking with XP.
It's not the function that's the problem (Score:5, Interesting)
All potentially damaging (i.e., all) data should be written to an encrypted store in such a way that recovering it from a lost/stolen/seized machine is hard to impossible without assistance from the owner. That's just good design practice in an environment where there is more than enough computing power available.
I'm aware that there are places where you have to hand your keys over to law enforcement... with which I have no real problem provided the due process of law is followed. But at least properly managed/segmented encryption can prevent a fishing trip. And in the worst case if you were being falsely accused of something really awful then you might decide that the penalties for not handing over the keys were less severe than the penalties for having the data available. At least you would get the choice.
Re:Another Use for VMWare (Score:2, Interesting)
Re:Just some more... (Score:3, Interesting)
Care to highlight why I'd want to use Vista?
Re:It's not the function that's the problem (Score:4, Interesting)
Re:Just some more... (Score:3, Interesting)
No, Vista is being pre-installed on new computers.
Vista is not selling well, people do not want it, and
companies are being told to stay away from it*
> and many people I know are using it without any complaints.
Many people I know are switching to Ubuntu. See how that statement works?
> Why are the good points about Vista never mentioned on Slashdot?
Um because most of the people that come here just see history repeating
itself.
[*]
http://www.tech.co.uk/computing/software/operatin
http://www.businessweek.com/technology/content/no
http://www.theinquirer.net/default.aspx?article=3
Nothing too new about this.... (Score:2, Interesting)
For quite some time, it's become easier to find out anyone's business as they used their computer, even in Windows XP. It just seems that with Windows Vista, it's easier to make the discovery. Keep in mind, it's not just the operating system doing the copies, but it's also applications that do so as well.
From the "temporarily copied" documents viewed in Microsoft Outlook, to the cached images stored by Internet Explorer, and still yet to the meta-data stored in Word documents. (There have been a few times I have read a Word document meant to be anonymous only to find the creator in the document's properties.)
While it might take the career of the computer forensic scientist down a peg and be a boon for any prosecutor, it does nothing more than make it easier to find information that hasn't been deleted by force from its owner.
Don't be surprised if the market now swarms with applications that will allow you to 'view' data while wiping all trace evidence after it's been seen; or still yet allowing you to create documents that are completely wiped of meta-data. Sure, you won't be able to find something unless the search has to delegate to its bits and bytes, but at least they can't find someone's manifesto by name. (Of course, you have to be sure that it wasn't e-mailed.)
It's encroachment on privacy like this that creates entirely new markets for people to leech from the truly paranoid; which seems to be quite a majority of the population since everyone seems to have some skeleton in their closet.
On a funny note, this one co-worker had an embarrassing image pop up every time he went to print; the image itself was attached to an e-mail from a co-worker who loved to send around joke e-mails. He wasn't able to get rid of the image from the preview, until I pointed him to the directory (which is stamped in the registry) where Outlook stores its temporary files (usually most attachments, images, etc.) Apparently this fellow never opens any e-mail from this co-worker anymore.
Computer OS (Score:3, Interesting)
Now, when that OS has deliberate code to track and monitor a user's 'usage', it really is no more a tool to run a computer, but rather a tool to watch a user. The main job of that code is absolute control of the computer taken away from the user.
MS have been trying to do this for years, and now it looks like they have succeeded ~ and the sheep follow and buy the crap.
It is pretty scary that this succeeds at all. I mean, nobody in their right mind would buy a car that recorded every single journey and 'phoned home' every time you exceeded a speed limit, or the car stopped at changing traffic lights, even though you didn't need to... the world would be in uproar and the car would most definitely not sell at all.
Yet the sheep still buy this crap...
Re:Another Use for VMWare (Score:4, Interesting)
While they will not be able to prove they contain the suspect data, plausible deniability becomes less plausible.
Much of forensics is being able to correlate the existence of a known file on a filesystem against other evidence, such as another computer that did not employ the protective measures. The point of the article is that TrueCrypt is not enough (and really hasn't been due to the number of artifacts that XP already leaves) - you will have to take a number of measures to cover your tracks which can be quite time intensive.
TrueCrypt is a wonderful product. I use it myself to encrypt corporate data. However, every now and then I play with EnCase on my laptop to see what is left behind and it makes me even more paranoid when I have nothing to hide.
Re:It's not the function that's the problem (Score:3, Interesting)
It burns me a little that "Vista" and "Microsoft" are in this posting/article because it's the technologies that make people's lives easier that also make them more open to computer forensics finding deleted data, etc.
However, while I'm sure the community here could come up with a million things that they wouldn't want law enforcement to get their hands on, and let's leave your 600GB music/movie collection out of this, so what that it's easier to discover that someone had child porno on their computers? This "ease of discovery" only comes after both suspicion of a crime are filed along with a judge-ordered subpoena. If you find yourself in this situation, well, I hate to my bones to say it, but if you didn't do anything wrong, what do you have to be worried about???
(Note: I hate that "if you've done nothing wrong" argument, but in this case it applies since you're already suspected of a crime and some sort of search/seizure documents have been filed for your computer equipment.)
Re:Another Use for VMWare (Score:3, Interesting)
While they will not be able to prove they contain the suspect data, plausible deniability becomes less plausible.
If this were a criminal case, wouldn't one invoke the 5th Amendment? Sorry charley, no keys forthcoming?
C//
VMWare/VirtualPC not a solution (Score:3, Interesting)
I think after about 90 days (more or less, I don't use it that much) I have noticed the Windows installation corrupts itself every time with the same error (blue screen on startup saying it can't find a specific file in the \system folder), call Microsoft and all they know is that you should apply the latest patches (but I'm not on the Internet, I'm in a controlled environment).
I have had it with different systems (Mac, PC, Linux) and there was no special software running on the virtual machines and all networking and file transferring was blocked.