Vista Makes Forensic PC Exam Easier for Lawyers
Katharine writes "Jason Krause, a legal affairs writer for the American Bar Association's 'ABA Journal' reports in the July issue that Windows Vista will be a boon for those looking for forensic evidence of wrongdoing on defendants' PCs and a nightmare for defendants who hoped their past computer activities would not be revealed. Krause quotes attorney R. Lee Barrett, 'From a [legal] defense perspective, [Vista] scares me to death. One of the things I have a hard time educating my clients on is the volume of data that's now discoverable.' This is primarily attributable to Shadow Copy, TxF and Instant Search."
Another Use for VMWare (Score:4, Interesting)
Another reason I'm sticking with XP.
Re:Another Use for VMWare (Score:5, Funny)
Mwa aha hah.
Re: (Score:2, Funny)
It can't be ARSEd.
Obligatory (Score:5, Funny)
Red bead attempting to slide right.
Cancel or Allow?
Re: (Score:2)
Now, where can I get this Vista thing...
Re: (Score:2)
Commitment to getting off the dead butt and exerting effort to earn something is what capitalism is all about, no?
Re:Another Use for VMWare (Score:4, Interesting)
While they will not be able to prove they contain the suspect data, plausible deniability becomes less plausible.
Much of forensics is being able to correlate the existence of a known file on a filesystem against other evidence, such as another computer that did not employ the protective measures. The point of the article is that TrueCrypt is not enough (and really hasn't been, due to the number of artifacts that XP already leaves); you will have to take a number of measures to cover your tracks, which can be quite time intensive.
TrueCrypt is a wonderful product. I use it myself to encrypt corporate data. However, every now and then I play with EnCase on my laptop to see what is left behind and it makes me even more paranoid when I have nothing to hide.
Re: (Score:2)
How do you tell whether the links and such info to the TrueCrypt volume are broken because the stuff was already deleted there, as opposed to you not giving them the proper password?
Re: (Score:3, Interesting)
While they will not be able to prove they contain the suspect data, plausible deniability becomes less plausible.
If this were a criminal case, wouldn't one invoke the 5th Amendment? Sorry charley, no keys forthcoming?
C//
Re:Another Use for VMWare (Score:5, Insightful)
Personally, if I had any really bad shit on my system I'd probably just have a buried NAS box somewhere on (or even off) the premises. Probably would be best if there were a hardwired connection to it: wouldn't want the Feds to use a sniffer and figure out you have the thing. Oh sure, if they really wanted to they could find it, but why make it easy? Hide the cabling and hide the point at which it attaches to the rest of your LAN. Probably want the box to run a watchdog task that will disable it completely if it detects that specific machines on the LAN have disappeared (as in "having been confiscated".) That way, even if someone performing forensics notices that there was another network drive mapped, by the time they get back to search for another machine it won't be detectable unless they start tearing down your walls.
Of course, you'd be a lot safer not having that bad shit in the first place.
Re: (Score:3, Insightful)
Very true, however if enough individuals begin to mount such defenses (and they are readily available to all) a change in the culture has been made. The act of convincing a significant number of people to defend themselves against potential governmental intrusion is what is important here. Doesn't matter whether they have anything specific to hide, in fact the more people who have not
Re: (Score:2)
Not with standard hardware. 'They' would just make a backup of the encrypted data before you get to enter any password.
Re: (Score:2)
Great if you want to emulate Win9x and not worry about instability over time.
Re: (Score:2)
I assume by "wipe out" you mean "use a multi-pass file corrupter and eraser solution" because simply doing a DEL on the file won't keep it from being undeleted.
Now, TrueCrypt is the perfect software for keeping secrets. You can even make a hidden partition that not even TrueCrypt knows exists unless you provide the correct password. Otherwise there is no way for TrueCrypt (or anyone) to see it. Not to mention you have a DIFFERENT password unlock a "dummy" partition where the hidden one resides in, with
Re: (Score:2)
You make it sound like these services (desktop search, shadow copy,
Re: (Score:3, Funny)
=)
Pime Taradox (Score:2, Funny)
Re: (Score:2)
OSX Leopard will have the exact same issues as Vista in this area.
Re: (Score:2)
I on the other hand had not heard of Shadow Copy or Transactional NTFS so I found it quite interesting. I do not use Vista but at some point I probably will, and the first thing I will do is turn off Shadow Copy or change the space it has allocated to it. The default seems to be to keep 15% of every volume for old files. I would much rather set that to a much lower value, especially since a lot of programs (MS Word for instance) al
It's not the function that's the problem (Score:5, Interesting)
All potentially damaging (ie, all) data should be written to an encrypted store in such a way that recovering it from a lost/stolen/seized machine is hard to impossible without assistance from the owner. That's just good design practice in an environment where there is more than enough computing power available.
I'm aware that there are places where you have to hand your keys over to law enforcement... with which I have no real problem provided the due process of law is followed. But at least properly managed/segmented encryption can prevent a fishing trip. And in the worst case if you were being falsely accused of something really awful then you might decide that the penalties for not handing over the keys were less severe than the penalties for having the data available. At least you would get the choice.
Re: (Score:3, Interesting)
It burns me a little that "Vista" and "Microsoft" are in this posting/article because it's the technologies that make people's lives easier that also make them more open to computer forensics finding deleted data, etc.
However, while I'm sure
Re: (Score:2)
It's like anyone ever got the attention of law enforce
Re:It's not the function that's the problem (Score:4, Funny)
In the US at least, is the 5th Amendment still part of the Constitution? If you tell the court that giving out the password is like testifying against yourself, does the 5th still protect the accused? Did it ever really work that way?
That part is kind of unclear (Score:3, Informative)
Re: (Score:2)
I guess it is useful, make privacy threatening features to force people to use the closed encryption mechanisms that make you unable to dual boot, ain't that awesome?
If you're going to troll, do it about something you know about. Despite the name, BitLocker is logical volume encryption; nothing forces you to encrypt the whole drive. Nothing prevents you from having a dual-boot system.* Yes, I know there's a Register story that says otherwise; if you believe the Register, I have a bridge to sell you.
*Caveat: if you're using a TPM module to do the encryption, you need to use the Windows boot loader rather than GRUB as the first boot loader. This is perfectly possi
Re: (Score:2)
I haven't enabled BitLocker yet, since I'm a bit wary of possibly losing the ability to recover data in
Encryption useless in civil Discovery (Score:2)
My bigger concern is what happens to the excess (not admitted into evidence) data. I.e., almost all of it. That really needs to be ke
Re: (Score:2)
Coupled with a filesystem design that uses fresh secure rand
Progress? (Score:3, Funny)
Now that's progress.
How is this possible? I reinstall Win every week (Score:5, Funny)
This habit was developed during Win95, WinSE, WinXP SP1, and WinVista Beta
What? There was evidence there? Ooops, sorry... my standard operating procedure wipes the disk once a week.
Message to criminals: Use Linux (Score:5, Funny)
Then: you are using Linux, what have you got to hide ?
The next step is: Only criminals use Linux
I have just realised: I am typing this at a Linux box. I had better go down and turn myself in at the cop shop.
Easy fix to this (Score:2, Funny)
Nothing too new about this.... (Score:2, Interesting)
For quite some time, it's become easier to find out anyone's business as they used their computer, even in Windows XP. It just seems that with Windows Vista, it's easier to make the discovery. Keep in mind, it's not just the operating system doing the copies, but it's also applications that do so as well.
From the "temporarily copied" documents viewed in Microsoft Outlook, to the cached images stored by Internet Explorer, and still yet to the meta-data stored in Word documents. (There have a been a few t
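The Word metadata mentioned in the post above can be read straight out of the document without opening Office. The following PowerShell is an added example written for this page, not code from the thread or from Microsoft: a .docx, .xlsx or .pptx file is a zip package whose docProps/core.xml and docProps/app.xml entries carry the author, the last-modified-by name, the revision count, creation and modification timestamps, and the application and company strings. It is meant for an examiner's workstation with .NET 4.5 or later (PowerShell 3 or later); the document path is an assumption.

```powershell
# Added example, not from the original thread. Reads the properties Office stores
# inside an OOXML package (docProps/core.xml and docProps/app.xml) directly from
# the zip container. Needs .NET 4.5+ for System.IO.Compression.ZipFile.
param([string]$DocPath = 'C:\Users\alice\Documents\report.docx')   # assumed path

Add-Type -AssemblyName System.IO.Compression.FileSystem

# Returns the named zip entry parsed as XML, or $null if the entry is absent.
function Read-ZipEntryXml {
    param($Archive, [string]$Name)
    $entry = $Archive.GetEntry($Name)
    if (-not $entry) { return $null }
    $reader = New-Object System.IO.StreamReader($entry.Open())
    try { [xml]$reader.ReadToEnd() } finally { $reader.Dispose() }
}

$zip = [System.IO.Compression.ZipFile]::OpenRead($DocPath)
try {
    $core = Read-ZipEntryXml $zip 'docProps/core.xml'
    $app  = Read-ZipEntryXml $zip 'docProps/app.xml'
} finally {
    $zip.Dispose()
}

# Pre-2007 binary .doc files keep these properties in an OLE stream instead and
# are not a zip package at all; they are rejected here rather than misread.
if (-not $core) { throw "$DocPath has no docProps/core.xml; not an OOXML package" }

# PowerShell's XML adapter exposes child elements by local name, so the cp:/dc:/
# dcterms: prefixes used in core.xml need not be spelled out. The two timestamp
# elements carry an xsi:type attribute, so their text lives under '#text'.
$props = [ordered]@{
    Creator        = $core.coreProperties.creator
    LastModifiedBy = $core.coreProperties.lastModifiedBy
    Revision       = $core.coreProperties.revision
    Created        = $core.coreProperties.created.'#text'
    Modified       = $core.coreProperties.modified.'#text'
}
if ($app) {
    $props.Application = $app.Properties.Application
    $props.Company     = $app.Properties.Company
    $props.TotalTime   = $app.Properties.TotalTime   # total editing time, minutes
}
[pscustomobject]$props
```

A Creator that differs from LastModifiedBy, or a Revision count far above one, is the kind of detail that gets correlated against other evidence; the values are plain strings the user never sees unless they open the document properties dialog.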
ERASER == goodness (Score:2, Informative)
Not sure if it helps in this case, though.
Computer OS (Score:3, Interesting)
Now, when that OS has deliberate code to track and monitor a user's 'usage', it really is no longer a tool to run a computer, but rather a tool to watch a user. The main job of that code is absolute control of the computer taken away from the user.
MS have been trying to do this for years, and now it looks like they have succeeded ~ and the sheep follow and buy the crap.
It is pretty scary that this succeeds at all. I mean, nobody in their right mind would buy a car that recorded every single journey and 'phoned home' every time you exceeded a speed limit, or the car stopped at changing traffic lights, even though you didn't need to... the world would be in uproar and the car would most definitely not sell at all.
Yet the sheep still buy this crap...
One good use of this is.... (Score:2)
Seriously, this seems to contradict recent reports that Linux is less secure than Vista.
So when is all the MS promotional hype going to be exposed for what it really is, a bunch of contradictory lies.
Is anyone keeping an accounting of all the bullshit coming out of Microsoft promotion?
So it can be added up to find MS OS is ad promoting spyware that takes up resources that can b
Re: (Score:2)
This was done YEARS ago, yet people keep buying their products.
Re: (Score:2)
Obviously Linux isn't less secure than Vista, but that has nothing to do with this. Data retention for the purposes of versioning ("shadow copy"), searching ("Instant Search") and file system integrity ("TxF") have, to a first approximation, little or nothing to do with security from external attacks.
restore previous versions (Score:2)
I assume something like wipe would do an unrecoverable delete.
Does anybody know: if a program does fopen("myfile.txt", "w+") is a backup made?
Re: (Score:2)
(BTW, previous versions can be deleted from Disk Clean-up, the "More Options" tab)
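Two posts above go to the same question: the one that wants to turn Shadow Copy off or shrink its allocation, and the one asking whether wipe or fopen("w+") leaves anything behind. The following PowerShell is an added example written for this page, not code from the thread or from Microsoft. It lists the Volume Shadow Copies of the volume holding a given file, browses each snapshot through a temporary directory symlink, and reports whether an older copy of that file still exists inside it; optionally it caps VSS storage with vssadmin. The file path, the link directory and any size you pass are assumptions, and the script must be run from an elevated prompt.

```powershell
# Added example, not code from the original thread. Lists every Volume Shadow Copy
# of the volume that holds $Path, exposes each snapshot read-only through a
# directory symlink and reports whether $Path still exists inside it, i.e. whether
# an older copy of a deleted or overwritten file is still recoverable.
# Run from an elevated PowerShell prompt. $Path and $LinkRoot are assumed values.
param(
    [string]$Path     = 'C:\Users\alice\Documents\notes.txt',  # assumed: file to look for
    [string]$LinkRoot = 'C:\vss',                              # assumed: where links are created
    [string]$MaxShadowStorage                                  # optional, e.g. '2GB'
)

$driveRoot = [System.IO.Path]::GetPathRoot($Path)              # 'C:\'
$relative  = $Path.Substring($driveRoot.Length)                # 'Users\alice\Documents\notes.txt'
$letter    = $driveRoot.TrimEnd('\')                           # 'C:'

# Map the drive letter to its \\?\Volume{GUID}\ name so that snapshots of other
# volumes can be skipped; Win32_ShadowCopy.VolumeName uses that form.
$volume = Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq $letter }
if (-not $volume) { throw "No volume mounted at $driveRoot" }

# One Win32_ShadowCopy object per snapshot. DeviceObject is the kernel path
# \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN that mklink can target.
$shadows = Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate

if (-not $shadows) { Write-Host "No shadow copies of $driveRoot present."; return }

New-Item -ItemType Directory -Path $LinkRoot -Force | Out-Null

foreach ($s in $shadows) {
    $taken = [System.Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
    $n     = ($s.DeviceObject -split 'HarddiskVolumeShadowCopy')[-1]
    $link  = Join-Path $LinkRoot "snap$n"

    # A directory symlink is the documented way to browse a snapshot; the trailing
    # backslash on the target is required or the link will not resolve.
    cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    try {
        $present = Test-Path (Join-Path $link $relative)
        '{0:u}  {1}  {2}' -f $taken, $s.DeviceObject, $(if ($present) { 'STILL PRESENT' } else { 'absent' })
    } finally {
        cmd /c rmdir "$link" | Out-Null    # removes the link only, never the snapshot contents
    }
}

# Optional: cap the space VSS may use on this volume. Shrinking the limit discards
# the oldest snapshots, so it is a separate, explicit step rather than a side effect
# of the inspection above.
if ($MaxShadowStorage) {
    vssadmin resize shadowstorage "/for=$letter" "/on=$letter" "/maxsize=$MaxShadowStorage"
}
```

Running this after an Eraser pass or a multi-pass overwrite of the live file shows the point the thread keeps circling: the overwrite reaches only the live volume, while any snapshot taken before it still holds the earlier blocks, and a DEL on the live copy changes nothing in the snapshots. Disk Cleanup's "More Options" tab and the vssadmin cap both work by discarding snapshots wholesale, which is the only way those older versions actually go away.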
Is it safe? (Score:2, Funny)
Excellent.... (Score:3, Funny)
Never (Score:2)
I read this fascinating article (probably a /. story) about how anti-computer forensics (the art of manipulating computer records and files and any and all data to hide evidence or forge false evidence) can beat computer forensics every time, because the whole idea of computer forensics is to trust what the computer says as truth. The only problem is, someone with enough knowledge of a computer can easily change any and all data... and leave no evidence of tampering. Date and time stamps can easily be man
VMWare/VirtualPC not a solution (Score:3, Interesting)
I think after about 90 days (more or less, I don't use it that much) I have noticed the Windows installation corrupts itself every time with the same error (blue screen on startup saying it can't find a specific file in the \system folder), call Microsoft and all they know is that you should apply the latest patches (but I'm not on the Internet, I'm in a controlled environment)
I have had it with different systems (Mac, PC, Linux) and there was no special software running on the virtual machines and all networking and file transferring was blocked.
Re: (Score:2)
Can you cite a source? Specifically in direct relation to XP? And more importantly are they stand alone versions of Vista, or the Microsoft Tax (bundled with your computer, even if you don't want it)? As far as I'm aware most people aren't choosing Vista when they have the choice.
Re: (Score:3, Interesting)
Care to highlight why I'd want to u
Re: (Score:2)
oh.. that was the Romans.
Re:Just some more... (Score:5, Informative)
The DRM only applies to (shock) DRM-enabled content that you buy. It was a choice between layering in the DRM or not allowing people to view that content on the PC at all, a choice enforced by the big media companies who own the content. Yes, Microsoft could have stood up and said no, and in doing so crippled Blu-ray and HD-DVD functionality in Vista. Surprisingly, despite Slashdot's wanton hatred of it (I don't particularly care for it either), very few consumers care about DRM, so they went ahead and gave people access to that content.
For security, two of your articles were published before Vista was even released to the public, and the only relevant link just explains that if an installer requests admin mode, you can give it admin mode and it can do what it likes, citing a 'malicious freeware Tetris installer'. The article fails to mention that this happens in the same way for both OS X and Linux, instead of trying to be useful and educate readers on using their common sense when downloading software.
Saying 'security has to be disabled for Vista to be useful' is just plain bullcrap. Turning off UAC merely stops giving you the choice to run programs as admin. UAC doesn't prevent any programs from running unless you say you don't want it to run. You may want to clarify that point.
Expense (as always) is in the eye of the beholder (I paid my £70 and have never regretted it), and considering hard drive costs are down to 30-40 cents a Gigabyte, then the extra space costs are inconsequential. As most people only get a new OS with a new computer they will probably never even concern themselves with this point.
You didn't provide links to prove 'clunky' or 'privacy-invading', which doesn't surprise me.
The article you linked to for 'insecure' says "Microsoft, Kaspersky and Sophos think that you don't need kernel access to keep it safe from viruses, but Symantec and McAfee don't agree. They're bigger than the other two vendors and Microsoft is biased so they must be right".
Your final link takes the cake because it links to a list of blogs and none of them mention Microsoft at all.
So, why would you want to use Vista? You wouldn't. Nothing to do with usability, or features, but because you obviously prefer using Linux to the extent that you're prepared to parrot the FSF line without actually understanding it.
My plus points with Vista include:
- Playing MP3s and DVDs without breaking the law (fair law or not, still a law)
- Being able to play the latest games without needing a degree in Computer Science
- Being able to perform 99% of my system tasks without referring to the CLI
Re: (Score:2)
I don't know why I'm replying to an AC, but this really bothered me.
OK, first, DRM is not the law. It is a scheme that copyright holders have been trying to force on consumers because they imagine that everyone they do business with is a cri
Re: (Score:2)
Technically, the first version of Windows that came with a DVD encoder was Vista (and only in the premium and ultimate SKUs). On the other Windows versions, the DVD decoder came with the video card.
Damn right, it's insecure, unsafe and not safe! (Score:2)
Re: (Score:2)
I'll address security as the rest of the "design" arguments and functionality are more subjective.
So Gosling says that C/C++ Interop is a huge security risk? No, not really. Overall it's not a security risk; this to some extent has been proven over the last 6 years. When is the last time a severe and exploitable vulnerability has been published for
Re:Just some more... (Score:4, Informative)
Because there aren't any. Seriously. I've been using Vista (Business) all summer; I should know. Yes, it has fancy GPU-accelerated graphics. But they don't do me any good because they suck my battery life (it's the difference between lasting through a lecture worth of note-taking in OneNote, or not). Yes, it has better support for Tablet PCs... but only ever so slightly better. Other than that, the only differences I notice between it and XP are all negative: shitty or missing drivers, annoying bugs, infuriating UAC (if it asked me to confirm an action once, it'd be okay. But it often asks me twice: once by the app, and once by the OS). It's so bad that -- even though Tablet PC users should have the most improved experience in Vista of any group -- I'm switching either back to XP or to Ubuntu once the semester is over.
Re:Just some more... (Score:5, Insightful)
Right, karma to burn. How the hell is this "Informative"? "+5 Groupthink", or "+5 Telling me what I want to hear", sure. But there is no information here at all - Vista does have some "good features", regardless of what some people think. Answering your points specifically
1) Eye Candy: If you don't like it, turn it off.
2) Missing or shitty drivers: I have not noticed, nor do I know anyone who has noticed, Vista not supporting hardware that XP supported. Shitty drivers, well, this is a more reasonable concern, but it applies in my experience only to graphics, and then only to people for whom a 5-10% drop in performance (until nVidia get their ass in gear) is a "shitty problem". It's *vastly* better than Linux in this regard.
3) UAC: You're doing it wrong. I have not seen a UAC prompt that wasn't because I launched an app that required admin privileges for weeks. Sure, when you're setting up the system, you get them a lot - much like in Linux, where you prefix half the first week's commands with "sudo". After that, if you're seeing it more than once or twice a week, you need to seriously look at what kinds of software you're running that constantly need "root" access.
As to a sample of "good points"
1) New graphics and sound stack is vastly superior - I can set sound volume on a per application basis, automatically, using a simple interface built right in. No more stupid Flash in Firefox blaring away at 80db when I'm listening to music via iTunes.
2) Integrated search - Works as well as Spotlight for me, and I thought Spotlight was the best thing since sliced bread.
3) UAC - Yes, in my eyes, this is a good thing (and the biggest step forward in Vista). Windows no longer uses an "Admin for everything" model, something most people have been crying out for it to have for years.
Does it add anything *huge* over OS X, or even XP? No. Since when has a new OS release added anything world changing? They have been, since OS X 10.0, Linux 2 and Windows 2000, incremental. Is the DRM stuff a bad route? Yes. Does Vista use too many resources? Well, the idle footprint over my OS X machine isn't significantly greater - I would say it *does* use too much, but frankly, as my machine is fairly modern, I don't notice. In many operations, it's faster than XP.
Should we all move to desktop Ubuntu? I don't know - I use Linux on servers, but it's still not ready for desktops, in my eyes. A technically semi-literate friend installed it on his laptop, as someone had preached to him, and it *mostly* worked - except sound, which was a huge pain in the ass, and even I (with years of Linux experience) couldn't make work. Mostly is not good enough (he bought an OS X laptop to replace it, and is very happy). When Linux sorts out these issues, and gets a decent suite of end user software (no, OpenOffice is not good enough to be an Office replacement), I might consider putting friends and family onto it.
Is Vista the devil? No. It's no worse than XP, and has several significant features that make it better, much like XP over 2000.
Re: (Score:2)
Integrated search - Works as well as Spotlight for me, and I thought Spotlight was the best thing since sliced bread.
I've never used Spotlight except for when I'm trying to find something that someone else created on the computer. It does work well, but I don't need it.
They have been, since OS X 10.0, Linux 2 and Windows 2000, incremental.
For the money you're paying (to upgrade, much less buy the full version), it should be more than an incremental update.
Re: (Score:2)
Wow, with all that expertise being used to negatively judge Vista, how on earth could any person ever argue with you...
1) People shouldn't listen to Slashdot for Windows expertise advice.
2) When you have been using it for only a month, you should keep your mouth shut.
3) Everything you mention is either poorly informed or an opinion. For example:
But they don't do me any good because they suck my battery life
Yet, most experts that have done actual t
Re: (Score:3, Interesting)
No, Vista is being pre-installed on new computers.
Vista is not selling well, people do not want it, and companies are being told to stay away from it*
> and many people I know are using it without any complaints.
Many people I know are switching to Ubuntu. See how that statement works?
> Why are the good points about Vista never mentioned on Slashdot?
Um, because most of the people that come here just see history repeating itself.
[*] http://www.tech.co.uk/computing/so [tech.co.uk]
Vista has good points? (Score:2)
To date, I have made two honest attempts to switch from XP to Vista, and both times I ended up wiping the Vista install and going back to XP. First of all, not all hardware from XP is supported (I suspect the new DRM requirements in the OS for my difficulties here), and some of the hardware that is supported suffers from buggy drivers (e.g., nVidia). Then, there's the user interface. Not as ugly as XP's Fisher-Price interface, but nothing to write home about, either. I'd rather not waste the CPU
Re: (Score:2)
PS-- I've used Linux since 1995. I have used it all day at work for the last 7 years. I've tried it on a home PC several times in the last decade. I prefer Windows. Shoot me. In fact, I prefer Windows to OS X which
Re: (Score:2)
Unlikely. Even if people liked Vista -- and many don't -- you'd be hearing some complaints. These users are human, right?
A few folks who don't like Vista
Re:Just some more... (Score:5, Insightful)
As for privacy, to the extent that this sort of thing requires a legal order to hand over the information, I can't really see that it's an issue of privacy. If it is accepted that preserving the rule of law sometimes requires surrendering information that would otherwise be considered private, then that is the end of the matter: the information in such instances has ceased to be private.
If a PC is stolen, that is another matter, but in such cases, encryption can be used to prevent private data falling into the hands of thieves. This arguably makes a PC with appropriate encryption enabled safer than paper records.
Man, you haven't seen my handwriting... :-) (Score:2)
As such its as individualistic and unbreakable as a crypto "one-time-pad."
Re: (Score:3, Insightful)
Allow me to edit the above:
If you wish to secure your data from unwanted intrusion, you'd probably be wise to avoid using Vista which records your activities using methods not found in previous Microsoft systems, or other systems in general.
Re:Just some more... (Score:5, Insightful)
The reality is that most users like the ability to index and search their data, and to recover previous versions of a file, as well as the better reliability offered by transactional file operations. In the general case of a non-criminal user, these features provide far greater benefits than the potential harm of having their activities more effectively analysed by law enforcement officials, in the highly improbable case of a legal order to hand over their data.
bassackwards (Score:2)
PS: the "if you don't have anything to hide.. blah blah" argument is a load of horseapples and only a MORON doesn't know that.
Re: (Score:3, Insightful)
YOU should be the one to decide if your OS phones home, if it stores every keystroke you ever made, if it keeps copies of all the files you ever had, etc.
Just like a bad doctor who decides for his patient, Microsoft has decided to take choice away from the user. The only choice you are limited to now if you don't want the OS to do this is to choose another OS.
Fabricating Evidence and Framing People (Score:2)
Unfortunately, this technology is very likely to be misused by uninformed people in the legal profession. The example of the school teacher accused of spreading porn comes to mind. http://arstechnica.com/news.ars/post/20070214-8850.html [arstechnica.com]
Some prosecutors are likely to take the evidence from Vista as proving a person did something very bad. The evidence only proves the computer did something very bad. A rogue third party could have hijacked the computer and planted the data there. With current spyware and adware