http://dx.doi.org/10.3745/KIPSTC.2008.15-C.3.141

Analysis of Windows Vista Security System for Forensic Examination  

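Hwang, Seong-Ho (Konkuk University, School of Computer Engineering)
Nam, Hyun-Woo (Konkuk University, School of Computer Engineering)
Park, Neung-Soo (Konkuk University, School of Computer Engineering)
Jo, Su-Hyung (Electronics and Telecommunications Research Institute, Cryptography Technology Research Team)
Hong, Do-Won (Electronics and Telecommunications Research Institute, Cryptography Technology Research Team)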
Abstract
Windows Vista, released by Microsoft, provides more powerful security mechanisms than previous Windows operating systems. From a forensics point of view, the new security mechanisms make it more difficult to obtain data related to criminals from a storage device. In this paper, we analyze BitLocker, introduced as a new security mechanism in Windows Vista. We also discuss, from a forensics point of view, the changes and security issues of UAC and EFS in Windows Vista compared to previous Windows operating systems. Furthermore, we discuss other characteristics of Windows Vista that are useful for forensic examinations.
Keywords
Windows Vista; BitLocker; TPM; Windows Forensics;