Difference between pages "Windows 8" and "JTAG Forensics"

From ForensicsWiki
(New Features)
 
(Procedures)
 
Line 1: Line 1:
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
+
== Definition ==
 +
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
  
== New Features ==
+
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
The following new features were introduced in Windows 8:
+
* [[Windows File History | File History]]
+
* [[Windows Storage Spaces | Storage Spaces]]
+
* [[Search Charm History]]
+
  
== File System ==  
+
=== Forensic Application ===
The file system used by Windows 8 is primarily [[NTFS]].
+
  
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
+
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
  
== Jump Lists ==
+
== Tools and Equipment ==
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
+
  
== [[Prefetch]] ==
+
* [[JTAG and Chip-Off Tools and Equipment]]
The prefetch hash function is similar to [[Windows 2008]].
+
  
The [[Windows Prefetch File Format]] was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)
+
== Procedures ==
  
== Registry ==
+
* [[JTAG HTC Wildfire S]]
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
+
* [[JTAG Huawei TracFone M865C]]
 
+
* [[JTAG Huawei TracFone H866C]]
== See Also ==
+
* [[JTAG Huawei U8655]]
* [[Windows]]
+
* [[JTAG LG L45C TracFone]]
* [[Windows Vista]]
+
* [[JTAG LG P930 (Nitro HD)]]
* [[Windows 7]]
+
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]
 
+
== External Links ==
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
+
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
+
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
+
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
+
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html Windows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
+
 
+
[[Category:Operating systems]]
+
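Review bot: In the Forensic Application paragraph, "the Standard Test Access Port (TAPs)" pairs a singular noun with a plural abbreviation, and "Jtagging supported phones" never says what makes a phone supported. Suggest "the Test Access Ports (TAPs)" and a pointer to the device pages listed under Procedures. The Definition subheading also carries the Wikipedia URL twice, as both link target and label, with a trailing space before the closing bracket; a short label such as "Wikipedia" in place of the repeated URL would read more cleanly.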

Revision as of 20:52, 25 November 2013

Definition

From Wikipedia (http://en.wikipedia.org/wiki/Joint_Test_Action_Group):

Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.

Forensic Application

JTAG forensics is an acquisition procedure that involves connecting to the Test Access Ports (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique for extracting a full physical image from devices that cannot be acquired by other means.

Tools and Equipment

Procedures