Friday, October 16, 2009


What challenges do you face in Windows forensic analysis?


Anonymous said...

MySpace and Facebook messaging and web based email now leaves no artifacts behind. I can show they went there but I can't show what they did inside.

Anonymous said...

How about:
- Web 2.0 services: a lot of data is no longer written to local disk, it seems. Same thing with some chatservices.
- Big disks: 1 Tb is getting common in desktops, and servers already go way beyond that. It takes up space and (more importantly) time!
- Encryption. Somehow, Truecrypt is getting more and more used as standard encryption (alas, not MS encryption solutions)
- Time! Clients want faster results, but we get more data per case.


Paul Bobby said...

Subpoenas for the win.