This article is free to access.
A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module (TPM). However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts. This paper describes an enhanced version of Dig-Force2, which uses a TPM and a white list to provide boot control functionality for Windows Vista systems. In addition, the paper presents the results of security and performance evaluations of the boot control system.
Ashino, Y., Fujita, K., Furusawa, M., Uehara, T., & Sasaki, R. (2009). Implementing boot control for Windows Vista. In IFIP Advances in Information and Communication Technology (Vol. 306, pp. 133–141). Springer New York LLC. https://doi.org/10.1007/978-3-642-04155-6_10