Abstract |
---|
A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module. However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts. This paper describes an enhanced version of Dig-Force2, which uses a TPM and a white list to provide boot control functionality for Windows Vista systems. In addition, the paper presents the results of security and performance evaluations of the boot control system. |
Attribute | Value |
---|---|
Year | 2009 |
DOI | 10.1007/978-3-642-04155-6_10 |
Venue | ADVANCES IN DIGITAL FORENSICS V |
Keywords | Evidence integrity, boot control, Windows Vista |
Field | Microsoft Windows, Desktop Window Manager, Security and safety features new to Windows Vista, Windows NT, Computer science, Rootkit, Group Policy, Windows Vista, Operating system, Embedded system, SYSTEM.INI |
DocType | Conference |
Volume | 306 |
ISSN | 1868-4238 |
Citations | 1 |
PageRank | 0.63 |
References | 2 |
Authors | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yuki Ashino | 1 | 13 | 3.68 |
Keisuke Fujita | 2 | 62 | 12.05 |
Maiko Furusawa | 3 | 1 | 0.63 |
Tetsutaro Uehara | 4 | 48 | 14.20 |
Ryoichi Sasaki | 5 | 28 | 11.60 |