The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books: "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Friday, October 16, 2009
Challenges
What challenges do you face in Windows forensic analysis?
3 comments:
Anonymous said...
MySpace and Facebook messaging and web-based email now leave no artifacts behind. I can show they went there but I can't show what they did inside.
Challenges?
How about:
- Web 2.0 services: a lot of data is no longer written to local disk, it seems. Same thing with some chat services.
- Big disks: 1 Tb is getting common in desktops, and servers already go way beyond that. It takes up space and (more importantly) time!
- Encryption. Somehow, TrueCrypt is getting more and more used as standard encryption (alas, not MS encryption solutions).
- Time! Clients want faster results, but we get more data per case.
Roland
(digintel)
Subpoenas for the win.