Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

References > References - Pg. 106

106 Chapter 5 · Incident Response: Live Forensics and Investigations Summary As we move forward, computer forensics as we now know it will change dra- matically.The release of Microsoft's Vista will enable users to fully encrypt their hard drives.The use of virtual machines and virtual server farms are becoming more commonplace. Internet-based application servers will be harder for forensic examiners to physically collect. Additionally, Internet-based applications may generate diskless workstations, leaving the only evidence in physical memory. Finally, software vendors are starting to deploy a larger amount of software that securely deletes data because of identity-theft con- cerns. Because of these changes, and as I have pointed out in the examples in this chapter, I surmise that traditional forensics will become more impractical, and live investigations will become a necessity rather than a luxury.Traditional methodologies are becoming somewhat obsolete.The need to adopt a new way of conducting these types of investigations is essential. While we have shied away from touching the computer in order to prevent any changes, it is