ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Windows Vista

From ForensicsWiki
Revision as of 17:18, 20 October 2013 by Joachim Metz (Talk | contribs) (Prefetch)

Jump to: navigation, search

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].

Prefetch

Note that the prefetch hash function is different then that of Windows XP.

The Windows Prefetch File Format was changed to version 23.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links