Implementing Boot Control for Windows Vista

  • Yuki Ashino
  • Keisuke Fujita
  • Maiko Furusawa
  • Tetsutaro Uehara
  • Ryoichi Sasaki
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)

Abstract

A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module (TPM). However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts. This paper describes an enhanced version of Dig-Force2, which uses a TPM and a white list to provide boot control functionality for Windows Vista systems. In addition, the paper presents the results of security and performance evaluations of the boot control system.

Keywords

Evidence integrity, boot control, Windows Vista

Copyright information

© IFIP International Federation for Information Processing 2009
