Microsoft Windows has been the operating system (OS) of choice since
the early 1990s. The first successful platform was Windows 3.11,
followed by Windows 95, Windows 98 and Windows 2000. The Windows NT
platform was created as a server side operating system, and lead to
Windows XP, by far the more wide spread version so far. The new
generation called Vista is now the new standard for Microsoft. There
are several versions of the above mentioned, but these are the
backbone of the Windows family.
Windows are a huge and complex operating system. It is worth
mentioning that all the upgrades and Service Packs of Windows XP are
at least 3 times the size of the original software.
Windows use a vast amount of files, temporary files, virtual memory,
and memory resources. There is a large amount of temporary
data stored on the hard disk or in the RAM at any time. The wealth
of information that can be extrapolated include user information,
activity logs, dates, times, etc. Because Windows is designed to
preserve data, this makes things easy for the digital investigator
to chose from a pool of data. Parts of the OS like the registry
allow us to determine when a program was installed or removed, when
a USB was attached or when other activities took place. Items moved
to the Recycle Bin can be restored, and even when removed from
there, they can be traced and retrieved on the hard dis.
Windows 7 presents new challenges to the forensic examiners.
By keeping up to date, we manage to master the secrets of
Microsoft's new OS which looks like it is going to be around a lot
more than Vista.
Strathclyde Forensics has the
technological know-how and resources that allow us to investigate
your windows system, and provide you with the evidence you need for