
Vista makes computer search easier... for the law



An American Bar Journal eColumn article brings us relevant revelations about Vista's improved ability to provide evidence for court.

Innovations within Vista apparently make it far easier to find evidence on PCs. Chief among those are Shadow Copy, Transactional NTFS, and Instant Search.

Shadow Copy holds 'deleted' data far longer than previous Windows versions, ostensibly for disaster recovery. That makes it easier to undelete data long after the event.

Vista's Transactional NTFS lets investigators build more accurate timelines. "You can look in there and see something was accessed on Monday, Tuesday and Saturday at such-and-such a time going back months," said one forensics expert.

Instant Search indexes are a new source of discoverable information about nearly everything one uses a computer for. "It's Google Desktop on steroids," said the PC sleuth. "It's an indexed database of more evidence stored right there on a computer."

An attorney said BitLocker encryption might make life easier for small law firms and solo attorneys. If their client provides access to look in a PC, a quick scan might indicate the chance that an expert could find data there.

"If you can't afford a forensics expert for every case, at least you can take a look to see if ... some potentially discoverable documents have been on a computer... Once you determine [that], ... then you can talk about hiring experts."

Has your Corporate Compliance Officer been turning handsprings about how Vista makes legal discovery much easier in litigation? Have you considered what's saved in your Vista PCs?

8 comments
alxcsby

It strikes me that a person who was aware that their information would be in danger of being used against them could easily solve the problem. Step one: remove drive. Step two: place drive in microwave. Step three: nuke it. Step four: tenderize and season to taste.

rrussell

Why would the lawyer even use the computer? Doing so alters the evidence. That is why they hire us forensics professionals. We can do all that and more, and it'll still be admissible in court.

davidfacer

I tinkered with Vista today. So many things I tried to do failed because the O/S wouldn't let me - and I was a member of the Administrator's group! Who holds the reins of power in Vista? Certainly not me.....I'm going back to good ol' Windows XP. It's clunky, resource-hungry and full of bugs - but at least I know I'M in control.

NaughtyMonkey

What was failing? I am collecting user experiences with Vista for evaluation. I'd like to know what could happen if we go to it.

w2ktechman

In my PCs at work, I have work-related stuff, with a few random jokes (not many). They can search any of my systems at work (several) and not find anything wrong. However, I still think that most people will view these as a bad thing. And I do not disagree completely. It will be of great help to many companies, and even tech support (recover files). But for home use, I still have no plans to deal with Vista!

K7AAY

Have you considered what's saved in your Vista PCs? Have you advised your SarBox CCO how much easier it is to retrieve information from Vista PCs?

fatsavage

Thank you for a very important article. Cache memory of images, transparent password protection, and index.dat files make XP a one-way ticket to jail; it's hard to conceive of a more efficient law enforcement tool. In XP, reformatting and reinstalling doesn't completely destroy files, so forget about a simple delete, because EnCase can find it. It really is hard to believe someone can charge for a worse system.

gpfear

Other than destroying the hard drive, if what's on there is that important it can be retrieved. This makes the OS somewhat irrelevant.
