Abstract
Detecting and responding to successful exploitation of Windows hosts depends on the skill and preparedness of first responders and the effectiveness of their tool sets. The release of and transition to Vista presents a potential challenge with respect to those skills and tools. The adoption of a new federal standard, FDCC (Federal Desktop Core Configuration), specifying the configuration for desktop and laptop computers in federal agencies, presents a second challenge to first responders and their tool sets. This paper explores those potential challenges by: (1) identifying additional requirements for preparing to examine Windows hosts; and (2) comparing the effectiveness of tool sets executed against two different Windows operating systems, configured to two different standards, resulting in these four cases:
- Windows XP, default configuration.
- Windows XP, configured to FDCC standards.
- Windows Vista, default configuration.
- Windows Vista, configured to FDCC standards.
Original language | English (US) |
---|---|
Pages | 87-96 |
Number of pages | 10 |
State | Published - 2008 |
Event | 3rd International Conference on Information Warfare and Security, ICIW 2008 - Omaha, NE, United States; Duration: Apr 24 2008 → Apr 25 2008 |
Conference
Conference | 3rd International Conference on Information Warfare and Security, ICIW 2008 |
---|---|
Country/Territory | United States |
City | Omaha, NE |
Period | 4/24/08 → 4/25/08 |
Keywords
- Federal desktop core configuration (FDCC)
- Forensics
- Incident response
- Operating systems
- Windows Vista
ASJC Scopus subject areas
- Information Systems
- Safety, Risk, Reliability and Quality