Insider Threat Research

CERT and the United States Sectret Service published an insider threat research that focuses on both technical and behavioral aspects of actual compromises. The key findings are Current and former employees carried out insider activities in nearly equal numbers. Sixty-three percent of the insiders held technical positions within the targeted organizations.

WTF is Microsoft doing with the Last Access Timestamp on Vista?

I recently discovered, that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet \ Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000