Computer Forensic Homework Help

 
ana
Newbie

Joined: Dec 27, 2013
Posts: 7

Posted: Sat Dec 28, 2013 10:51 am    Post subject: Computer Forensic Homework Help

I am trying to get a little more help in understanding the effect on forensic computer examiners' data acquisition once Windows XP and Vista are phased out. I have researched everything I can think of, but it seems like it just depends on the operating system. Maybe I have overanalyzed, but now I am so confused.


Thank you very much for your replies... as you can see I am quite stuck on this. I seem to be researching further and further and I think I am digging myself into an overwhelming hole!!!!!

Below is the specific homework assignment, to maybe help with more guidance:

"Windows XP is no longer provided on new computers or sold commercially as Microsoft phases it out. Windows Vista is also being phased out in favor of Windows 7. What effect might these changes have on data acquisitions for new machines? Using Internet search engines, research Windows 7 and its new technologies. Then, write a paper no longer than three pages detailing additional steps and procedures forensic examiners may face in performing data acquisitions on new machines."

Thank you again for any and all assistance!


Last edited by ana on Thu Jan 16, 2014 8:05 am; edited 1 time in total
athulin
Newbie

Joined: Oct 19, 2007
Posts: 238

Posted: Sat Dec 28, 2013 5:53 pm    Post subject: Re: Computer Forensic Homework Help

ana wrote:
I am trying to get a little more help in understanding the effect on forensic computer examiners' data acquisition once Windows XP and Vista are phased out.


What kind of acquisition are you referring to? As you mention XP and Vista, it seems likely that you refer to live acquisition ... as post mortem acquisition deals with some kind of storage device.

Quote:
... but it seems like it just depends on the operating system.


Live acquisition is done using the operating system and its services, so it very much depends on them. Live file volume acquisition probably depends more on file system services, and thus can be fairly independent of variants of the OS platform (i.e. moving from Vista to Win7 probably won't change a lot), while memory acquisition is likely to be more sensitive to platform changes.

Is it just a question of 'what changes between Vista and later Windows OS releases affect forensic acquisitions?'
PreferredUser
Newbie

Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Sat Dec 28, 2013 11:30 pm    Post subject: Re: Computer Forensic Homework Help

ana wrote:
I am trying to get a little more help in understanding the effect on forensic computer examiners' data acquisition once Windows XP and Vista are phased out.

I do not think there is much that will change in the acquisition phase of forensics when XP and Vista are phased out.

Phased out is somewhat vague. For example all the doomsayers are writing articles about how there will be hordes of p0wned XP machines in the coming months after Microsoft phases out support for XP. Is that the phased out you reference?

As the phase out of XP and Vista continues and those OSes are replaced by 7, 8, or people and companies abandoning MS and going to Mac or Linux, it will create opportunities for examiners to perform new research on the location of artifacts for those OSes. Is that the phased out you reference?

ana wrote:
I have researched everything I can think of, but it seems like it just depends on the operating system. Maybe I have overanalyzed, but now I am so confused.

What exactly is being asked in your homework? If you could post a more verbatim sample of the question, you are more likely to be pointed in the right direction. As asked, athulin and I have given some ideas, yet we may have added to the confusion.

The more information you provide, the more narrowly people will be able to tailor their responses. Help us help you by giving us more information about the assignment and about what you have already done.
cgover
Newbie

Joined: Jul 29, 2012
Posts: 1

Posted: Mon Dec 30, 2013 12:00 am    Post subject: Computer Forensic Homework Help

I am not sure exactly what you are asking...see if this article might help

http :// www . dfinews . com/articles/2013/10/windows-artifacts

Moderator Note: No Direct links are allowed.
ana
Newbie

Joined: Dec 27, 2013
Posts: 7

Posted: Thu Jan 16, 2014 1:09 pm    Post subject: Re: Computer Forensic Homework Help

ana wrote:
I am trying to get a little more help in understanding the effect on forensic computer examiners' data acquisition once Windows XP and Vista are phased out. I have researched everything I can think of, but it seems like it just depends on the operating system. Maybe I have overanalyzed, but now I am so confused.


Thank you very much for your replies... as you can see I am quite stuck on this. I seem to be researching further and further and I think I am digging myself into an overwhelming hole!!!!!

Below is the specific homework assignment, to maybe help with more guidance:

"Windows XP is no longer provided on new computers or sold commercially as Microsoft phases it out. Windows Vista is also being phased out in favor of Windows 7. What effect might these changes have on data acquisitions for new machines? Using Internet search engines, research Windows 7 and its new technologies. Then, write a paper no longer than three pages detailing additional steps and procedures forensic examiners may face in performing data acquisitions on new machines."

Thank you again for any and all assistance!

Research I have gathered:

"If Computer Forensic Examiners are needing XP

You can not revert from Windows 7 back to XP. That is considered a downgrade and the Windows installer blocks you from being able to do that. If you want to go to XP you will need to format the hard drive, which will totally wipe Windows 7 (and all your files and programs) off the computer and then do a fresh install from CDs of the XP program. Before doing that, make sure that you confirm that there are drivers for XP for your computer. Most computers that are less than 3 years old will not have drivers and so can not run XP. Also be aware that Microsoft discontinues all support for XP on April 18th of next year. And good luck finding a copy of XP to install, MS stopped selling it 5 years ago.

But if you want to downgrade to Windows XP, you will have to reformat the entire hard drive and use a Windows XP installation disk to install a fresh copy of the OS on your computer. You will need a license key for XP to activate it, unless you find some way to crack it (not legal).

REVIEWS OF WINDOWS 7
http :// windows-operating-system-reviews.toptenreviews . com/windows-7-p48158-video-1.html

Windows 7 did not provide a product key to update from XP. Therefore, users will have to manually back up all files and then do a complete install. Afterwards you will have to reinstall all programs, which means you may need to manually find the new drivers for Windows 7, which could take hours if you don't know where to look.

Multimedia function has been revamped; new features will be able to stream media files from one computer to another and allow remote access from any PC with an internet connection.


The impact of Microsoft's Windows 7 on computer forensics examinations
http :// ieeexplore.ieee . org/xpl/articleDetails.jsp?reload=true&arnumber=5478284

most important challenge to computer forensics examiners is access to the suspect's files on a computer. The introduction of BitLocker, which debuted with Microsoft's Vista operating system, provided a major barrier to investigators because this encryption tool could encrypt at the file, folder or drive level. Further advances to this tool in Windows 7 create even greater barriers to access; Microsoft's BitLocker To Go now goes beyond just hard drive encryption but also encrypts a system's associated devices. This research will also identify changes, which were introduced with Windows 7, and in response to a shift in consumer demand. The most notable shift in consumer demand, found by the authors of this research, is in Microsoft's integrated touch-screen capabilities."

With the research I have, based on the circumstances of the phase-out, computer forensic investigators may face some challenges, but more so tedious than worrisome.

Moderator Note: Direct links are not allowed.
PreferredUser
Newbie

Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Thu Jan 16, 2014 1:53 pm    Post subject:

Not sure where that info is from, but it is wrong.

There are "downgrade rights" on many versions of Windows.
"http://www.microsoft.com/oem/en/licensing/sblicensing/pages/downgrade_rights.aspx#fbid=Eg59ZVeFIb7"

So if you have Windows 7 Pro for example you have downgrade rights to XP.

There is an upgrade from XP to 7.
"http://windows.microsoft.com/en-us/windows7/help/upgrading-from-windows-xp-to-windows-7#T1=tab01"
"http://windows.microsoft.com/en-us/windows7/upgrading-to-windows-7-faq"

There are still upgrades to 7 Pro at many leading retailers
"http://www.amazon.com/Microsoft-Windows-7-Professional-Upgrade/dp/B002DHGM50/ref=sr_1_3/188-8222769-3647951?ie=UTF8&qid=1389844016&sr=8-3&keywords=window7+upgrade"

While BitLocker is quite secure it is not available in most of the common versions of 7.
"http://technet.microsoft.com/en-us/library/ee449438(v=ws.10).aspx#BKMK_Vista"
ana
Newbie

Joined: Dec 27, 2013
Posts: 7

Posted: Sun Jan 19, 2014 11:14 am    Post subject: HELP!!!

I'm beyond confused and coming down to the wire. Anyone guide me back on the right tack, please?
PreferredUser
Newbie

Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Sun Jan 19, 2014 1:17 pm    Post subject: Re: HELP!!!

ana wrote:
I'm beyond confused and coming down to the wire. Anyone guide me back on the right tack, please?

I am really scared about your abilities to work in forensics if you cannot research such a basic topic.

Maybe these will put you back on track:
"http://computer-forensics.sans.org/summit-archives/2012/windows-7-forensic-analysis.pdf"

"http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots"

"http://computer-forensics.sans.org/blog/2009/10/27/windows-7-computer-forensics/"

As noted in the Carvey paper there always seems to be trepidation when new technology is introduced until such time as the forensics catches up.

One area in Windows 7 that was not understood until more research was performed was Jump Lists. Now they are recognized as a very important artifact.

In Windows 7 a number of Registry artifacts that examiners had been familiar with moved to new locations, had their data changed, or were removed altogether.

The file structure changed with locations such as user folders moving to a new location.

There are more things at a deeper level however if you have to write about this in three pages or less you are probably covered.
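As an added example (not part of the original thread or any poster's code), this Python snippet shows how two of the changes PreferredUser names above, Jump Lists and the relocated user folders, appear when triaging a mounted image. The folder names are standard Windows defaults rather than details given in the thread; `build_sample`, the user `alice` and the Jump List file name are constructed for illustration.

```python
from pathlib import Path

# Standard Windows defaults (assumptions added here, not given in the thread):
# XP keeps profiles in "Documents and Settings", Vista and later in "Users".
XP_ROOT, VISTA_ROOT = "Documents and Settings", "Users"
# Windows 7+ Jump List folders, relative to one user's profile folder.
JUMPLIST_DIRS = (
    "AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations",
    "AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations",
)
SKIP = {"all users", "default", "default user", "public"}  # non-personal profiles


def profile_layout(volume: Path) -> str:
    """Classify a read-only mounted volume by where user profiles live."""
    # Test "Users" first: Vista+ keeps "Documents and Settings" as a
    # compatibility junction that some mount tools show as a plain folder.
    if (volume / VISTA_ROOT).is_dir():
        return "vista_or_later"
    return "xp" if (volume / XP_ROOT).is_dir() else "unknown"


def jump_lists(volume: Path) -> dict:
    """Map user name -> sorted Jump List file names found in that profile."""
    found = {}
    if profile_layout(volume) != "vista_or_later":
        return found  # XP has no Jump Lists to collect
    for profile in sorted((volume / VISTA_ROOT).iterdir()):
        if not profile.is_dir() or profile.name.lower() in SKIP:
            continue
        names = [f.name for rel in JUMPLIST_DIRS if (profile / rel).is_dir()
                 for f in (profile / rel).iterdir()
                 if f.name.lower().endswith("destinations-ms")]
        if names:
            found[profile.name] = sorted(names)
    return found


def build_sample(volume: Path) -> None:
    """Constructed tree standing in for a mounted Windows 7 image."""
    auto = volume / VISTA_ROOT / "alice" / JUMPLIST_DIRS[0]
    auto.mkdir(parents=True)
    (auto / "0000000000000000.automaticDestinations-ms").touch()  # made-up name
    (volume / VISTA_ROOT / "Public").mkdir()
    (volume / XP_ROOT).mkdir()  # the junction, as seen through a mount tool
```
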
ana
Newbie

Joined: Dec 27, 2013
Posts: 7

Posted: Sun Jan 19, 2014 2:02 pm    Post subject: homework help clarification

I have no desire to work in computer forensics, but thank you for your concerns. In life we sometimes have to take classes that require us to touch on the subject in an assignment or chapter. Also, it takes knowledge, training, mentorship and lots of research and learning to become good at something. Knowledge is power, hence why I am in school! I requested help because I am so confused on this assignment. I am not asking anyone to do it for me. I am merely asking for a direction and some guidance. Clearly I have tried some research on my own and that is why I am not sure where this is unfolding.

Thank you again for all your assistance.


Respectfully
PreferredUser
Newbie

Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon Jan 20, 2014 12:27 am    Post subject:

I have to research areas that I am not familiar with either, but that is neither here nor there.

I still want to make sure you get your paper written so that you accurately represent the state of the industry. Your previous post with the "facts" you found about upgrade and downgrade rights between XP and Win 7 shows one of the concerns when researching on the Internet: that of misinformation being taken as fact just because it is posted on a website. It was trivial to find the correct information from Microsoft; however, since you are perhaps not in the industry, you found information that appeared correct and used it as fact.

athulin, cgover, and I have all posted information about the challenges (perceived or real) examiners face when faced with a Windows 7 exam rather than the XP exam many were familiar with.

Funny though this must be a class that has been around a while because XP is the exception rather than the norm. The modern question is how do the changes in Windows 8 impact forensics and how do examiners research those changes?

But back to your homework, do you still need guidance or do the items previously posted help? I think the paper from Carvey in the link I posted answers all your questions, but perhaps not. If not what information would help?