DocumentCode
3025793
Title
A framework for computer forensics investigations involving Microsoft Vista
Author
Hayes, Darren R. ; Qureshi, Shareq
Author_Institution
Univ. of Pace, New York, NY
fYear
2008
fDate
2-2 May 2008
Firstpage
1
Lastpage
8
Abstract
The technical environment continues to change and impact the work of digital investigations. This research provides a framework within which computer forensics investigators can take advantage of new or different types of evidence from Microsoft's Vista operating system ("Vista"). Moreover, this paper will also indicate the many challenges that investigators will encounter when faced with the Vista platform. The focus herein will be on changes associated with new security, encryption and file restoration features. These features vary according to the version of Vista and these differences will also be discussed. This research will also detail the integrity of data recovery procedures through detailed experiments used to identify how data could be manipulated by a perpetrator in Vista as compared to previous versions of Microsoft's operating systems. Ultimately, this paper will indicate that enhancements in security and encryption associated with Encrypted File System (EFS) as well as BitLocker Drive Encryption are very problematic for investigators. Vista has serious implications for computer forensics investigations. Nevertheless, this research will guide the digital investigator through the labyrinth of new challenges, to effect a more thorough investigation of digital evidence.
Keywords
cryptography; operating systems (computers); BitLocker Drive Encryption; Encrypted File System; computer forensics investigations; computer security; data recovery procedures; encryption; Computer security; Cryptography; Data security; File systems; Forensics; Internet; Operating systems; Postal services; Protection; Universal Serial Bus; BitLocker; Computer Forensics; Computer Security; Encryption; Operating Systems; Vista;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems, Applications and Technology Conference, 2008 IEEE Long Island
Conference_Location
Farmingdale, NY
Print_ISBN
978-1-4244-1731-5
Electronic_ISBN
978-1-4244-1732-2
Type
conf
DOI
10.1109/LISAT.2008.4638951
Filename
4638951