Difference between pages "AFF Development Task List" and "Windows Vista"

From ForensicsWiki
(Difference between pages)
(High Priority: - afcat usage message)
 
(File System)
 
Line 1: Line 1:
== High Priority ==
+
== New Features ==
 +
* [[BitLocker Disk Encryption | BitLocker]]
 +
* [[Windows Desktop Search | Search]] integrated in operating system
 +
* [[ReadyBoost]]
 +
* [[SuperFetch]]
 +
* [[NTFS|Transactional NTFS (TxF)]]
 +
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
 +
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
* Create man pages and/or documentation for AFF toolkit. To wit:
+
== File System ==
 +
The file system used by Windows Vista is primarily [[NTFS]].
  
* [[aimage]]
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by the user if desired via setting the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate' to '0'. Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
* [[ident]]
+
* [[afcat]]
+
* [[afcompare]]
+
* [[afconvert]]
+
* [[affix]]
+
* [[affuse]]
+
* [[afinfo]]
+
* [[afstats]]
+
* [[afxml]]
+
* [[afsegment]]
+
  
* Add a usage description to [[afcat]]. When run with no arguments the output should say what the program does.
+
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
  
* Create man pages and/or documentation for AFF library functions (e.g. ,<tt>af_open</tt>, <tt>af_get_imagesize</tt>)
+
== See Also ==
 +
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
  
* Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary <em>on that machine</em>. There is no good way to determine those extra libraries.
+
== External Links ==
  
* Document that <tt>af_write</tt> may not be called without first setting the <tt>image_pagesize</tt> value inside of the <tt>AFFILE</tt> structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that <tt>image_pagesize</tt> is not zero and 2. Set <tt>image_pagesize</tt> to a known good default value when opening a new AFF file for writing.
+
[[Category:Operating systems]]
 
+
== Medium Priority ==
+
 
+
* How about renaming the library to libaff? That would allow developers to link with <tt>-laff</tt> instead of <tt>-lafflib</tt>. To my knowledge, there is no existing library named AFF already.
+
 
+
* Is there a set of segment names that must be defined to have a ''valid'' AFF file?
+
 
+
* Document that <tt>af_open</tt> (when writing a file) does more than a standard <tt>fopen</tt> command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
+
 
+
* Does <tt>af_open</tt> refuse to open a file for writing if it already exists? If so, what kind of error does it return?
+
 
+
* Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of <tt>$ afinfo -a</tt>.
+
 
+
== Low Priority ==
+
 
+
* Add library function to open standard input. Perhaps:
+
 
+
<pre>AFFILE * af_open_stdin(void);</pre>
+
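Review bot: The added File System paragraph calls 'NtfsDisableLastAccessUpdate' a registry key, but it is a value under the '...\Control\FileSystem' key, so the sentence should read "setting the registry value ... to '0'". The phrase "this feature" is used twice in that paragraph with different referents (Last Access tracking, then the registry setting), so name each explicitly. The added "== External Links ==" heading has no entries while the only reference is an inline bare URL in File System; either move the TechNet link under that heading or drop the empty section. The "$Recycle.Bin" bullet is the only New Features item with no wiki link or description.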

Revision as of 08:31, 14 September 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. The user can enable Last Access tracking if desired by setting the registry value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate' to '0'. Note that this registry setting has been around since as early as Windows 2000 [1].

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links