![]() ![]() Also, in Windows 7/Vista, you can change the Autoplay settings through the control panel (you can find the settings under Hardware and Sound->Play CDs or other media automatically) however, I prefer to make this change in the Registry so that the process is consistent across Windows versions. Microsoft has defined a specific Registry key to control the behavior of Autorun/Autoplay, which is respected in all of the modern Windows versions (2000/XP/2003/Vista/7). Here are few tips and tricks for making that happen: Disable Autorun/Autoplayĭisabling Autorun/Autoplay will prevent your system from automatically starting applications on removable/attachable media (if defined in an autorun.inf file). Write blockers will prevent the accidental alteration of data, but sometimes you won't have a write blocker handy or you won't have a specific write blocker for the type of media that you need to image, so it is best to keep your system in a state that is as forensically safe as possible. ![]() Normally this is a good thing, however, many of the things that Windows does for your convenience can at best be an annoyance to your forensics workflow and at worst actually alter your evidence calling into question its integrity. But, I do recognize that out of the box Windows systems are not the most forensically sound environment - they love to automount drives, index files, and basically try to make your life easy. ![]() I understand that this statement will probably come with the requisite beatings, but I honestly enjoy using Windows on a day to day basis more than other operating systems and am willing to take whatever flack comes my way over it (and yes, my team at work loves to give me grief for it). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |