Microsoft Vista: Serious Challenges for Digital Investigations

Microsoft’s Vista (“Vista”) can be seen as a dramatic departure from previous versions of the vendor’s operating systems, in terms of security and file systems. This vendor’s technical advances in security have created problems for law enforcement and other computer forensics investigators. This paper will illustrate how changes to Vista’s file systems will impede the retrieval of inculpatory evidence by prosecutors; the discovery of digital evidence on a system is more problematic in a Vista environment. The successful conviction of a defendant is reliant upon a prosecutor effectively demonstrating control, ownership and intent relating to the data found on the perpetrator’s computer. However, a machine running Vista is likely to negatively impact these findings. This paper will seek to guide the forensics investigator through the plethora of Vista operating system changes and provide suggestions for alternative methods of data discovery.