The impact of Vista and Federal Desktop Core Configuration on incident response

Daniel Cotton, Stephen Nugen, William Mahoney

Research output: Contribution to conference; Paper; peer-review

Abstract

Detecting and responding to successful exploitation of Windows hosts depends on the skill and preparedness of first responders and the effectiveness of their tool sets. The release of and transition to Vista presents a potential challenge with respect to those skills and tools. The adoption of a new federal standard FDCC (Federal Desktop Core Configuration) specifying the configuration for desktop and laptop computers in federal agencies presents a second challenge to first responders and their tool sets. This paper explores those potential challenges by: (1) Identifying additional requirements for preparing to examine Windows hosts; and (2) Comparing the effectiveness of tool sets executed against two different Windows operating systems, configured to two different standards, resulting in these four cases:

  • Windows XP, default configuration.
  • Windows XP, configured to FDCC standards.
  • Windows Vista, default configuration.
  • Windows Vista, configured to FDCC standards.

Original language: English (US)
Pages: 87-96
Number of pages: 10
State: Published - 2008
Event: 3rd International Conference on Information Warfare and Security, ICIW 2008 - Omaha, NE, United States
Duration: Apr 24 2008 to Apr 25 2008

Conference

Conference: 3rd International Conference on Information Warfare and Security, ICIW 2008
Country/Territory: United States
City: Omaha, NE
Period: 4/24/08 to 4/25/08

Keywords

  • Federal desktop core configuration (FDCC)
  • Forensics
  • Incident response
  • Operating systems
  • Windows Vista

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality
