/ NEWS

Microsoft Windows 7 Ships

On 22nd October 2009, Microsoft shipped the latest version of its PC operating system, Windows 7. Much anticipated by the market, especially after the total failure of Windows Vista to displace its predecessor Windows XP, Windows 7 is exciting both Microsoft and the consumer. In a ploy to compete with free solutions such as FreeBSD and Ubuntu Linux, this new Microsoft offering has been scaled back to run on the most modern low-powered netbooks. It doesn’t come preloaded with all the bloatware Vista had installed by default. To get standard applications such as Mail, Movie Maker, and Photo Gallery you’ll need to download the Windows Live Essentials pack from the WindowsLive.com Web site.

So, great news all round, right? Well, yes, probably. But what does such a major new release mean for the digital forensic examiner? For certain it will bring headaches while you wait for your favourite forensic examination tools to catch up (or be redeveloped) and you’ll have to get up to speed pretty quickly to understand and exploit the new information stores, such as Jump Lists. Updates to Internet Explorer 8 introduce new capabilities to combat malware and phishing, with features like SmartScreen being used to warn a user when a Web site attempts to download a malicious program. However, IE 8 introduces a new feature called InPrivate Browsing, similar to Firefox’s Private Browsing, where no records of any transactions on the Web are stored. Mozilla says it best: “In a Private Browsing session, Firefox won’t keep any browser history, search history, download history, web form history, cookies, or temporary internet files.” So there goes another evidence trail you’ll need to find a replacement for. As far as forensic examination software goes, the usual suspects – EnCase and FTK – both seem to be able to support Windows 7. More specifically they support the Windows 7 file system which is still good old NTFS, since the big change known as WinFS (Windows Future Storage), which would have had a massive impact for examiners, never quite made it into this release. WinFS may appear in a subsequent service pack, but such a radical change to the operating system will need a lot of planning and cause a lot of pain to OEM software developers.

The conclusion here is that Windows 7 won’t cause serious problems for forensic examiners. However, it will undoubtedly allow forensic specialists on the side of the defence to use the new system to cast doubt on tried and tested Vista and XP procedures. The sooner Windows 7 can be proven beyond reasonable doubt to make no significant difference to the evidence collection process, the sooner forensic examiners can feel comfortable using it to support a case.

Digital Forensics – The Future has Begun

A Cybercrime and Forensics Workshop hosted by the Information Technologists Company (www.wcit.org.uk) was held at the Information Technologists Hall on 12th October 2009. The ITC was granted livery status in 1992, becoming the 100th Livery Company of the City of London.

The ITC has over 650 members coming from all sectors of the ICT field and provides a neutral meeting ground for discussion of issues that are central to both the profession and the City of London. The Cybercrime and Forensics Workshop was arranged by the ITC Security Panel as the first in a series of workshops to explore the challenges of this emerging and complex area.

The workshop included presentations by Dr Steve Marsh from the Office of Cyber Security and Andrew Rennison, the Forensic Science Regulator. In addition presentations were given by the Metropolitan Police Central e-crime Unit (PCeU), the Forensics Industry, Academia, and the International Information Systems Security Certification Consortium (ISC(2)). Representatives of government departments including the Communications-Electronics Security Group (CESG) attended the limited invitation-only event. Other delegates included vendors and forensic service providers, senior academics, law enforcement organisations, specialist interest groups, and commercial training organisations. The purpose of the

/ Jumping into Jump Lists

Jump Lists could well be a goldmine. These are brand new, context sensitive, quick-start menus that allow you to launch applications with specific functionality preselected. For example, using the Internet Explorer 8 (IE 8) Jump List, you’ll see frequently viewed websites where clicking on one will launch IE 8 and take you straight to that site. Using the Jump List for Windows Media Player 12, you can jump right into playing your favourite song without having to start the application first. Basically, a Jump List allows you to use a single click to get to your preferred end state, saving time and thus increasing productivity.

But where is all this Jump List data held? It’s stored in two places: on the file system and in the registry. Using the menu to flush the Jump List (by unpinning the program or option) is not enough to remove the data from the system. If you want to see what was once in a Jump List, but has been removed through the interface, just take a peek into the registry. For example, if you suspect your subject has been editing images in Microsoft Paint, taking a look in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List shows exactly which images were edited. Our own testing on the Beta version we’ve been playing with showed that even deleting the registry key still left some residual information on the drive under the AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations directory.
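An inventory of the AutomaticDestinations stores described in the Jump Lists item, as an added example that is not part of the original article: it walks the user profiles of a read-only mounted image and records every file it finds there. The `<AppID>.automaticDestinations-ms` naming and the OLE compound-file signature check reflect released Windows 7 and are assumptions beyond what the article states; the sample tree and its AppIDs are constructed.

```python
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
# Per-user path named in the article, relative to the profile directory.
REL = Path("AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations")
SUFFIX = ".automaticdestinations-ms"  # assumption: naming used by released Windows 7

def inventory_jump_lists(users_root):
    """Return one record per file found in each profile's AutomaticDestinations."""
    records = []
    for profile in sorted(Path(users_root).iterdir()):
        dest = profile / REL
        if not dest.is_dir():
            continue  # profile has no Jump List store directory
        for f in sorted(p for p in dest.iterdir() if p.is_file()):
            with f.open("rb") as fh:  # opened read-only; evidence is not modified
                header = fh.read(8)
            name = f.name.lower()
            st = f.stat()
            records.append({
                "user": profile.name,
                "app_id": name[:-len(SUFFIX)] if name.endswith(SUFFIX) else None,
                "size": st.st_size,
                "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "valid_cfb": header == CFB_MAGIC,  # False: truncated, wiped or not a store
            })
    return records

def build_sample(root):
    """Constructed profile tree (not real evidence) for a dry run."""
    d = Path(root) / "alice" / REL
    d.mkdir(parents=True)
    (d / "0123456789abcdef.automaticDestinations-ms").write_bytes(CFB_MAGIC + b"\0" * 504)
    (d / "fedcba9876543210.automaticDestinations-ms").write_bytes(b"\0" * 512)  # zeroed file
    (Path(root) / "bob").mkdir()  # profile with no Jump List directory
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_jump_lists(build_sample(tmp)):
            print(rec)
```

Point `inventory_jump_lists` at the `Users` directory of a write-blocked mount; a record with `valid_cfb` false marks a file that needs manual examination.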
6 Digital / ForensicS