Chapter 3: Windows Forensics Basics

Overview

Since the transition from the command-prompt-based MS-DOS platform, Microsoft Windows has been the predominant client operating system in both home and corporate environments. Today, Windows is by far the most prevalent operating system in the corporate world. Very few large organizations have no Windows machines, and in most organizations Windows machines make up the bulk of the environment. Since early 2000, Microsoft has also taken over the corporate server marketplace in terms of the number of individual servers shipped annually.

The pervasiveness of Windows presents numerous challenges for the computer investigator. The existence of exploitable security flaws in Windows-based systems is a particular challenge: because of the enormous installed base, a single flaw can affect a significant amount of infrastructure in a typical company. It becomes impossible, or at the very least impractical, to trace the origins of a worm such as Slammer, and when an active infection occurs, the resulting crisis can make a more directed attack harder to detect.

Similarly, the perceived insecurity of Windows systems is changing the courtroom landscape. Claims that insecure operating systems or malicious software, rather than the user, were responsible for a user's actions have already been put forth successfully in British courts, and it is only a matter of time until American courts face similar arguments. At the same time, the increasing complexity of Windows has actually benefited the forensic world. Increased amounts of slack space, the use of paging files, and the inclusion of user-friendly features such as autofill forms using Intelliforms have increased the number of places a computer investigator can hope to find information.

Windows will continue to evolve, and the computer investigator will need to maintain familiarity with new versions to continue to perform effective analyses. The remainder of this book focuses on the most prevalent versions of Windows currently available (98, 2000, XP, and Server 2003), with notes of significance for older versions.



Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
Year: 2006
Pages: 71
Authors: Chad Steel
