- Search integrated in operating system
- Transactional NTFS (TxF)
- Transactional Registry (TxR)
- Shadow Volumes; the volume-based storage of the Volume Shadow Copy data
- Windows XML Event Log (EVTX)
- User Account Control (UAC)
The file system used by Windows Vista is primarily NTFS.
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
Note that this feature has been around since as early as Windows 2000 .
Note that the prefetch hash function is different then that of Windows XP.
The Windows Prefetch File Format was changed to version 23.
The Windows Registry remains a central component of the Windows Vista operating system.
- Windows Vista Network Attack Surface Analysis, James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse
- Inside the Windows Vista Kernel: Part 1, by Mark Russinovich, February 2007
- Inside the Windows Vista Kernel: Part 2, by Mark Russinovich, March 2007
- Inside the Windows Vista Kernel: Part 3, by Mark Russinovich, April 2007
- Forensic Implications of Windows Vista, by Barrie Stewart, September 2007