Abstract:
In computer crimes world, it is not unusual for computer forensic investigator to come through the situation in which the perpetrator wipes the evidence in its original location to conceal his wrong doings.Windows Vista Backups could be an alternative source for the invaluable lost evidence in such cases as these backups are made in the background by the system; often without user awareness. Windows Vista Backups include Complete PC Backup, User files Backup and Previous Versions. This paper investigates how these backups could be exploited by forensics investigators for the benefit of their cases. Backups were made using different backup techniques of windows vista and analyzed using different forensics tools. Experiments revealed how useful the backups could be for forensic investigations. Eventually, guidelines were developed for law enforcement agents and forensic investigators reflecting the best practices could be followed to exploit Vista backups in forensic cases.