CPE Credits: 3
Description:
Today's digital world is both exciting and at times overwhelming. Although the tools for managing digital information have grown in capability and richness, they still require an investment in time to determine what effect these tools will have on existing core business activities.
Windows Vista, first introduced in 2007, aims to increase the level of communication between machines on a home network, using peer-to-peer technology to simplify sharing files and digital media between computers and devices, and to help ensure that company PCs are more secure and reliable. New with Vista is BitLocker, an innovative drive encryption technology which, when enabled, automatically encrypts all files on a personal computer’s hard disk drive to prevent information from being read by others if a computer is lost, stolen or sold.
This session will address what impact Microsoft's new operating system, Vista, and its new encryption utility, BitLocker, will have on computer forensics investigations.
Audience:
This seminar is intended for internal and external audit professionals, General Counsels, Chief Security Officers, Controllers, InfoSec professionals, and anyone interested in obtaining a better understanding of, and general introduction to, the impact that Vista may have on conducting successful cyber forensic investigations.
Prerequisites: Attendees should possess a basic understanding of information technology concepts. Learning level – basic. No advanced preparation is required for this seminar.
Objectives:
After completing this seminar, participants will be able to:
Identify the various Vista versions and the specific features of each version.
Pinpoint computer security risks and remedies associated with the Vista operating system with respect to forensic investigations.
Determine necessary modifications of an incident response plan resulting from Vista’s treatment of forensically important files.
Reassess priorities in a cyber forensic investigation.
Develop policies for the preservation of computer evidence under this new IT operating environment.
Implement solid computer forensics processing methods and procedures which work within the boundaries and limitations presented by Vista.
Develop the documentation of computer forensics findings for executive management review.
Coordinate Forensic Pre-Incident Preparation.
Identify volatile data, photos, physical media, and log files through Vista.
Determine procedures necessary to conduct sound forensic analysis of the collected information.
Course Outline:
File structure changes
BitLocker issues affecting search and seizure
Considerations for changes to incident response procedures
Can a BitLockered drive be imaged?
Vista enhancements to Thumbs.db
Diving into the Recycle bin
Internet Explorer feature—clearing all evidence with one click
Disk Cleanup utility
Event logs and the .evtx file format
Restore points
Previous versions and Shadow copies
Vista and the registry
Prefetch under Vista