Technology And The Recovery Of Forensic Evidence

1478 Words Aug 14th, 2014 6 Pages
Introduction
The history of Windows dates back to September 1981, with windows 1.0, it has gone through many versions since then and is a constantly evolving product. These newer version are both designed to improve the product’s current features and to bring in new ones that will improve the operating system; the aim of this is to gain and maintain market share for Microsoft and improve the user experience. Since Microsoft’s motivation is to have as many people using its product and not to aid or obstruct the forensic examination of Windows based computers, this essay will look at the effects these changes make to the recovery of forensics evidence
This essay will look at a number of features that have been added to windows, from Windows XP to Windows 8 and the effects these changes have made to the recovery of forensic evidence. I will firstly look at selected features that have been added to windows since XP and briefly explain their purpose. I will then look at the changes these feature have had that have made it less likely for the digital forensic scientist to provide useful evidence, and then those that have made it more possible for the digital forensic scientist to provide useful evidence.

Bitlocker
"BitLocker is a data protection feature. Having BitLocker integrated with the operating system addresses the threat of data theft or exposure from lost, stolen, or inappropriately decommissioned computers." (Microsoft, 1)

System Restore
"System Restore automatically…
Open Document