Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

VISTA: HAPPINESS ON THE HORIZON OF COMPUTER FORENSICS

August 7, 2007

Ah, how we all worried about Microsoft’s VISTA operating system. While it was in development, the rumor was that Bitlocker encryption would permeate every version of VISTA. But lo and behold, it was reported that the Justice Department had a little talk with Microsoft (stressing how undesirable this would be from a law enforcement perspective) and that idea seemed to go away. As more than one IT company has had occasion to note, the DOJ can be most persuasive, perhaps most particularly when you are already in antitrust trouble. Fortunately for law enforcement and computer forensics technologists, Bitlocker encryption is only available in the highest levels of VISTA (Ultimate and Enterprise), so it will present a far lesser problem than the computer forensic industry originally feared.

The wonderful good news is a new feature called Transactional NTFS, or TxF in bithead jargon, which keeps far more detailed user records. For those who choked on both terms, this means that computer forensic technologists can now tell you not only when someone last accessed the data (the usual limitation today), but potentially all the dates on which they accessed data, going back for months. When is this useful? One prime example is in situations where someone has purloined proprietary data. Now you can show that this data was accessed over and over and again, indicating constant usage of the data. This will be a boon to employers chasing former employees who have hoisted the company’s data to start their own company or to bring/sell it to a competitor.

Then there’s the implementation of shadow copy for the hard drive that VISTA keeps and the new Instant Search technology. This is a huge candy store for those who do computer forensics.

For those who want to know more, there is an excellent article on all this in the July issue of the ABA Journal. The article is entitled “A Lot of Room in Its View” by Jason Krause which may be found at http://www.abanet.org/journal/ereport/jy13tkjasn.html. Of course I have to tip my hat to the computer forensic technologist who was quoted in the article, Sensei’s own Vice President John Simek. I shall gravely consider whether a spot bonus is in order.

E-mail: Phone 703-359-0700

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

VISTA: HAPPINESS ON THE HORIZON OF COMPUTER FORENSICS

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer