The impact of Vista and federal desktop core configuration on incident response

Daniel Cotton, Stephen Nugen, William Mahoney

Research output: Contribution to conference (Paper)

Abstract

Detecting and responding to successful exploitation of Windows hosts depends on the skill and preparedness of first responders and the effectiveness of their tool sets. The release of and transition to Vista presents a potential challenge with respect to those skills and tools. The adoption of a new federal standard FDCC (Federal Desktop Core Configuration) specifying the configuration for desktop and laptop computers in federal agencies presents a second challenge to first responders and their tool sets. This paper explores those potential challenges by: (1) Identifying additional requirements for preparing to examine Windows hosts; and (2) Comparing the effectiveness of tool sets executed against two different Windows operating systems, configured to two different standards, resulting in these four cases:

  • Windows XP, default configuration.
  • Windows XP, configured to FDCC standards.
  • Windows Vista, default configuration.
  • Windows Vista, configured to FDCC standards.

Original language: English (US)
Pages: 87-96
Number of pages: 10
State: Published - Jan 1 2008
Event: 3rd International Conference on Information Warfare and Security, ICIW 2008 - Omaha, NE, United States
Duration: Apr 24 2008 - Apr 25 2008

Conference

Conference: 3rd International Conference on Information Warfare and Security, ICIW 2008
Country: United States
City: Omaha, NE
Period: 4/24/08 - 4/25/08

Fingerprint

Windows operating system
Laptop computers
Personal computers

Keywords

  • Federal desktop core configuration (FDCC)
  • Forensics
  • Incident response
  • Operating systems
  • Windows Vista

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Cotton, D., Nugen, S., & Mahoney, W. (2008). The impact of Vista and federal desktop core configuration on incident response. 87-96. Paper presented at 3rd International Conference on Information Warfare and Security, ICIW 2008, Omaha, NE, United States.

Scopus record: http://www.scopus.com/inward/record.url?scp=84896541065&partnerID=8YFLogxK