Difference between pages "VPN" and "Windows Shadow Volumes"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (VPNs and anonymity)
 
(External Links)
 
Line 1: Line 1:
{{expand}}
+
==Volume Shadow Copy Service==
 +
Windows has included the Volume Shadow Copy Service in it's releases since Windows XP.  The Shadow Copy Service creates differential backups periodically to create restore points for the user.  Windows 7 Professional and Ultimate editions include tools to work with and manage the Volume Shadow Copy Service, including the ability to [[mount shadow volumes on disk images]].
  
'''VPN''' (Virtual Private Network) is a class of technology that allows remote machines to interconnect by creating a virtual network layer, on top of the physical network connection, that in practice is used to maintain the privacy of data shared over this virtual network connection (essentially all VPN toolsets use some form of packet-level [[encryption]]). There are many different modern implementations of the VPN concept itself, to the point where categorizing them together becomes somewhat questionable.
+
== Also see ==
 +
* [[Mount shadow volumes on disk images]]
  
== Overview ==
+
== External Links ==
 
+
* [http://computer-forensics.sans.org/blog/2010/03/16/shadow-timelines-and-other-shadowvolumecopy-digital-forensics-techniques-with-the-sleuthkit-on-windows/ Shadow Timelines And Other VolumeShadowCopy Digital Forensics Techniques with the Sleuthkit on Windows]
Virtual Private Networks are deployed by organizations and individuals for different purposes:
+
* [http://computer-forensics.sans.org/blog/2008/10/10/shadow-forensics/ VISTA and Windows 7 Shadow Volume Forensics]
 
+
* [http://forensic4cast.com/2010/04/19/into-the-shadows/ Into The Shadows]
* Protecting confidential information in organizations (for example, when connecting geographically distant office networks);
+
* [http://code.google.com/p/libvshadow/ libvshadow project to read VSS Volumes]
* Providing "work from home" or traveling employees with secure remote access to office network resources;
+
* [http://justaskweg.com/?p=351 Getting Ready for a Shadow Volume Exam], by [[Jimmy Weg]], June 2012
* Securing general Internet traffic in particularly insecure network usage settings (e.g. open wireless networks);
+
* [http://justaskweg.com/?p=466 Mounting Shadow Volumes], by [[Jimmy Weg]], July 2012
* Encrypting all internet traffic to and from a home connection, to prevent ISP packet shaping and/or surveillance (i.e. [http://www.torrentfreedom.net Torrentfreedom Privacy]).
+
* [http://justaskweg.com/?p=518 Examining the Shadow Volumes with X-Ways Forensics], by [[Jimmy Weg]] July 2012
 
+
When used for Internet connectivity, VPN service also acts as a form of proxy and protects the user's real IP address from public display. As a result, they are an increasingly popular form of anonymity protection for ordinary internet users and criminals.
+
 
+
== VPNs and anonymity ==
+
 
+
* Log files: VPN services may maintain usage logs which could then be used to track the activities of the user of those services, after the fact. However some commercial consumer-oriented VPN services specifically configure their servers not to retain any logfile information of this type. Example are [[Cryptocloud VPN]] or [[iVPN]].
+
 
+
* Protocol stack: [[TCP timestamps]] and IP ID values may be used in correlating incoming (encrypted) and outgoing (unencrypted) network streams. This type of "traffic analysis" can, in theory, be used to gather information about a fully-encrypted VPN connection - in practice, there are no known public examples of traffic analysis being used against commercial VPN service providers.
+
 
+
== See Also ==
+
 
+
* [[iVPN]]
+
* [[Cryptocloud VPN]]
+
* [[Tor]]
+
* [[Proxy server]]
+
 
+
[[Category:Anti-Forensics]]
+
[[Category:Network Forensics]]
+
[[Category:Encryption]]
+

Revision as of 00:41, 31 July 2012

Volume Shadow Copy Service

Windows has included the Volume Shadow Copy Service in it's releases since Windows XP. The Shadow Copy Service creates differential backups periodically to create restore points for the user. Windows 7 Professional and Ultimate editions include tools to work with and manage the Volume Shadow Copy Service, including the ability to mount shadow volumes on disk images.

Also see

External Links