Hello All,
After a long time, and Yes you read the Title right!!
With the new feature in Windows XP and Windows Vista called SteadyState, if configured properly, with Disk protection=ON, and deletion of Shared Profile either at Restart or Logoff is configured properly, there is no way to retreive any Artefacts from the system configured to run with Windows SteadyState.
as there are no modifications within $MFT, except for the entry within the $MFT itself for the C:\Boot\Bootstat.dat file.
and nothing changes!!
I am still trying to figure out other possibilities for recovering the Artefacts.
However, as of this time, i assume it is almost 50 % true to say that it is not too far, that one can hide all traces and artefacts from a system, as the advances in technologies like Windows SteadyState are coming..
Note:-System needs to be configured to use Locked Profile and deletion of any user data, Please refer to User Handbook for Windows SteadyState:-)
Need all your comments.
Thanks
Nitin Kushwaha
CHFI.CEH.SCSCA.CIW-SA.MCSE.MCSA.MCP.ITIL.CCLA.CCHA.CCSECA.CCW2K.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment