Difference between pages "Cell Phone Forensics" and "Windows Vista"

From ForensicsWiki
(Difference between pages)
m (Adding links for research)
 
(File System)
 
Line 1: Line 1:
== Guidelines ==
+
== New Features ==
 +
* [[BitLocker Disk Encryption | BitLocker]]
 +
* [[Windows Desktop Search | Search]] integrated in operating system
 +
* [[ReadyBoost]]
 +
* [[SuperFetch]]
 +
* [[NTFS|Transactional NTFS (TxF)]]
 +
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
 +
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
# If on, leave on. If off, leave off.
+
== File System ==
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
+
The file system used by Windows Vista is primarily [[NTFS]].
# Plug the phone in, preferably in the evidence room, as soon as possible.
+
# Retain [[search warrant]] (if necessary - [[LE]]).
+
# Return device to forensic lab if able.
+
# Use [[forensically sound]] tools for processing.
+
  
== Notes ==
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
 +
<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>
  
Expand on 5 as to what to collect:
+
Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
  
* [[ESN]],
+
== Registry ==
* [[IMEI]],
+
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
* [[Carrier]],
+
* Model Number,
+
* Color, and
+
* Other information related to [[Cell Phone]] and [[SIM Card]].
+
  
Process:
+
== See Also ==
 +
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
  
# Research the [[Cell Phone]]. Visit PhoneScoop.com for more information
+
== External Links ==
#
+
#
+
#
+
  
== Links ==
+
[[Category:Operating systems]]
[http://www.PhoneScoop.com PhoneScoop.com]
+
[http://www.mobileforensics.com MobileForensics.com]
+
[http://www.SmartPhoneForensics.com SmartPhoneForensics.com]
+
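Review bot: in the added File System text, "this feature" in "Note that this feature has been around since as early as Windows 2000" has no clear referent. It could mean Last Access tracking itself or the NtfsDisableLastAccessUpdate value, so name the one that is meant. The added "== External Links ==" heading also has no entries under it on the new side: either drop the heading or move the TechNet link there as a labelled link instead of leaving it as a bare URL in the sentence.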

Revision as of 08:32, 14 September 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].
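Added example, not part of the wiki page: a PowerShell function that reports the NtfsDisableLastAccessUpdate setting for a live system or for a SYSTEM hive loaded from an image. The mount name OFFLINE_SYSTEM and the function name are assumptions. On an offline hive there is no CurrentControlSet key, so the active control set is resolved through the Select key.

```powershell
# Added example. For an offline hive, load it first, for instance:
#   reg load HKLM\OFFLINE_SYSTEM <path to exported SYSTEM hive>
# and pass -HiveRoot 'HKLM:\OFFLINE_SYSTEM' (mount name is an assumption).
function Get-NtfsLastAccessSetting {
    param([string]$HiveRoot = 'HKLM:\SYSTEM')

    # CurrentControlSet is a link that exists only on a running system.
    # A hive on disk holds ControlSet001, ControlSet002, ... and the
    # Select key's Current value names the set that was in use.
    $select = Get-ItemProperty -Path (Join-Path $HiveRoot 'Select') -ErrorAction Stop
    $controlSet = 'ControlSet{0:D3}' -f [int]$select.Current
    $key = Join-Path $HiveRoot "$controlSet\Control\FileSystem"

    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    $value = $props.NtfsDisableLastAccessUpdate   # $null when the value is absent

    if ($null -eq $value) {
        $state = 'Value not set; the operating system default applies'
    } elseif ($value -eq 0) {
        $state = 'Last Access updates enabled'
    } elseif ($value -eq 1) {
        $state = 'Last Access updates disabled'
    } else {
        # Do not guess at other values; report them for manual review.
        $state = 'Unrecognized value; review manually'
    }

    [pscustomobject]@{
        ControlSet = $controlSet
        KeyPath    = $key
        RawValue   = $value
        State      = $state
    }
}

# Live system:
Get-NtfsLastAccessSetting
# Hive loaded from an image (hypothetical mount name):
# Get-NtfsLastAccessSetting -HiveRoot 'HKLM:\OFFLINE_SYSTEM'
```

When the state is "disabled", Last Access timestamps on that volume should not be read as evidence of when a file was last opened.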

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links