Difference between pages "Cell Phone Forensics" and "Windows Vista"

From ForensicsWiki
m (Adding links for research)
 
(File System)
 
Line 1: Line 1:
== Guidelines ==
+
== New Features ==
 +
* [[BitLocker Disk Encryption | BitLocker]]
 +
* [[Windows Desktop Search | Search]] integrated in operating system
 +
* [[ReadyBoost]]
 +
* [[SuperFetch]]
 +
* [[NTFS|Transactional NTFS (TxF)]]
 +
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
 +
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
# If on, leave on. If off, leave off.
+
== File System ==
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
+
The file system used by Windows Vista is primarily [[NTFS]].
# Plug the phone in, preferably in the evidence room, as soon as possible.
+
# Retain [[search warrant]] (if necessary - [[LE]]).
+
# Return device to forensic lab if able.
+
# Use [[forensically sound]] tools for processing.
+
  
== Notes ==
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
 +
<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>
  
Expand on 5 as to what to collect:
+
Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
  
* [[ESN]],
+
== Registry ==
* [[IMEI]],
+
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
* [[Carrier]],
+
* Model Number,
+
* Color, and
+
* Other information related to [[Cell Phone]] and [[SIM Card]].
+
  
Process:
+
== See Also ==
 +
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
  
# Research the [[Cell Phone]]. Visit PhoneScoop.com for more information
+
== External Links ==
#
+
#
+
#
+
  
== Links ==
+
[[Category:Operating systems]]
[http://www.PhoneScoop.com PhoneScoop.com]
+
[http://www.mobileforensics.com MobileForensics.com]
+
[http://www.SmartPhoneForensics.com SmartPhoneForensics.com]
+
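Review bot: in the added File System text, "Note that this feature has been around since as early as Windows 2000" does not say whether "this feature" is Last Access tracking itself or the NtfsDisableLastAccessUpdate value; name it explicitly and give the bare TechNet link a label. The added "== External Links ==" heading has no entries under it, so either add the links or leave the heading out until there are some.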

Revision as of 13:32, 14 September 2013

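New Features

* BitLocker
* Search integrated in operating system
* ReadyBoost
* SuperFetch
* Transactional NTFS (TxF)
* Transactional Registry (TxR)
* Shadow Volumes; the volume-based storage of the Volume Shadow Copy data
* $Recycle.Bin
* Windows XML Event Log (EVTX)
* User Account Control (UAC)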

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. Last Access tracking can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
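Before relying on Last Access timestamps from an image, an examiner can check how this value was set in the image's SYSTEM hive. The script below is an added example, not part of the wiki page; the `HivePath` parameter, the `OFFLINE_SYSTEM` mount name and the temporary copy location are choices made for this example. It assumes an elevated PowerShell session on the analysis workstation.

```powershell
# Added example: read NtfsDisableLastAccessUpdate from an offline SYSTEM hive.
param(
    [Parameter(Mandatory)] [string] $HivePath   # hive exported from the image
)

$mount = 'OFFLINE_SYSTEM'   # temporary mount name under HKLM (arbitrary)
$copy  = Join-Path $env:TEMP ("SYSTEM_{0}.hiv" -f [guid]::NewGuid())

# reg load can write to the file it mounts, so work on a scratch copy.
Copy-Item -LiteralPath $HivePath -Destination $copy

& reg.exe load "HKLM\$mount" $copy | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $copy" }

try {
    # An offline hive has no CurrentControlSet link; Select\Current names
    # the control set that was active on the imaged system.
    $current = (Get-ItemProperty -Path "HKLM:\$mount\Select" -Name Current).Current
    $fsKey   = 'HKLM:\{0}\ControlSet{1:D3}\Control\FileSystem' -f $mount, $current

    $prop = Get-ItemProperty -Path $fsKey -Name NtfsDisableLastAccessUpdate `
                             -ErrorAction SilentlyContinue
    $raw  = if ($prop) { $prop.NtfsDisableLastAccessUpdate } else { $null }

    # Only 0 and 1 are interpreted; anything else is reported raw.
    $meaning = switch ($raw) {
        $null   { 'value not present; operating system default applies' }
        0       { 'Last Access updates enabled' }
        1       { 'Last Access updates disabled' }
        default { 'value not interpreted by this example' }
    }

    [pscustomobject]@{
        ControlSet                  = 'ControlSet{0:D3}' -f $current
        NtfsDisableLastAccessUpdate = $raw
        Meaning                     = $meaning
    }
}
finally {
    # Release the registry provider's handles, then unload and clean up.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$mount" | Out-Null
    Remove-Item -Path "$copy*" -Force -ErrorAction SilentlyContinue
}
```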

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

* Windows
* Windows 7
* Windows 8

External Links