A New Digital Data Source to Consider

Somewhere in the hills of Seattle, Microsoft has developed a new product called Windows Home Server. This new product aims to centralize digital data in the home setting. Microsoft has partnered with several hardware manufacturers including Iomega, HP and Fujitsu to distribute the home server solution. Digital forensic examiners and/or investigators that conduct on-site acquisitions or physical collections of digital devices should familiarize themselves with the branded hardware so they know what they are looking for. Typically, Windows Home Server physically sits on the network as a Network Attached Service (NAS), so in other words, there won’t be a keyboard/mouse or keyboard.  It’s noteworthy to mention, that this software is just like any other Windows operating system, specifically relating to its capability to be installed on any IBM compatible computer/server. One of the features that should raise a red flag to forensic examiners/investigators is users can remotely access a home network. In this technical brief, the author writes: “Users can download files and folders, and they can upload one or more files to the shared folders on the home server while they are away from home. They can also search through the Shared Folders when they are trying to find a specific file.”  ”Users can connect remotely to the computers in your home. You can run an application or print to your home printer, just like you can when you are sitting in front of your home computer.” What does the above mean to examiners - a user can very easily remotely connect into a home network and perform normal computing tasks from afar. Now, with that being said, remote connection software has been around for a while but the “point and click” functionality that this operating system beings to the table, opens the door to the everyday user to manipulate data on their home networks from afar. Future examiners encountering a Windows Home Server must be conscious of the “complete” picture when analyzing for evidentiary data. The user friendly “features” that this server has will rekindle the “some hacker put those files on my computer” defense. Examiners must be ready and able to competently verify/dispute that claim.