Difference between pages "Malware" and "Windows 8"

From ForensicsWiki
(Difference between pages)
(Exploit Kit)
 
(Registry)
 
Line 1: Line 1:
'''Malware''' is a short version of '''Malicious Software'''.
+
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
  
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
+
== New Features ==
 +
The following new features were introduced in Windows 8:
 +
* [[Windows File History | File History]]
 +
* [[Windows Storage Spaces | Storage Spaces]]
 +
* [[Search Charm History]]
  
== Virus ==
+
== File System ==  
A computer program that can automatically copy itself and infect a computer.
+
The file system used by Windows 8 is primarily [[NTFS]].
  
== Worm ==
+
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
A self-replicating computer program that can automatically infect computers on a network.
+
  
== Trojan horse ==
+
== Jump Lists ==
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
+
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
  
== Spyware ==
+
== [[Prefetch]] ==
A computer program that can automatically intercept or take partial control over the user's interaction.
+
The prefetch hash function is similar to [[Windows 2008]].
  
== Exploit Kit ==
+
The [[Windows Prefetch File Format]] was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser.  
+
 
 +
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
 +
 
 +
On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the [[Windows NT Registry File (REGF)]] format.
 +
 
 +
<pre>
 +
C:\Windows\AppCompat\Programs\Amcache.hve
 +
</pre>
  
 
== See Also ==
 
== See Also ==
== External Links ==
+
* [[Windows]]
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
+
* [[Windows Vista]]
* [http://www.viruslist.com/ Viruslist.com]
+
* [[Windows 7]]
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
+
  
=== Exploit Kit ===
+
== External Links ==
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard on July 2, 2013
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
 +
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
 +
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
 +
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
 +
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
 +
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
 +
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html Windows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
 +
* [http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html Amcache.hve in Windows 8 - Goldmine for malware hunters], by Yogesh Khatri, December 4, 2013
  
[[Category:Malware]]
+
[[Category:Operating systems]]
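Review bot: the added ReFS line under "== File System ==" names the product "Windows 2012 server edition" while the added opening line calls it "Windows Server 2012"; use the same name in both places. The parenthetical on the added Prefetch line ("note this could be Windows 8 as well but has not been confirmed") would read better as a full sentence that says which Windows version the version 26 format was actually observed on.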

Revision as of 01:10, 5 December 2013

Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.

New Features

The following new features were introduced in Windows 8:

* File History
* Storage Spaces
* Search Charm History

File System

The file system used by Windows 8 is primarily NTFS.

The Resilient File System (ReFS) was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.

Jump Lists

Jump Lists are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.

Prefetch

The prefetch hash function is similar to that of Windows 2008.

The Windows Prefetch File Format was changed on Windows 8.1 to version 26. (Note: this could apply to Windows 8 as well, but that has not been confirmed.)

Registry

The Windows Registry remains a core component of the Windows operating system.

On Windows 8, Amcache.hve replaces RecentFileCache.bcf and uses the Windows NT Registry File (REGF) format.

C:\Windows\AppCompat\Programs\Amcache.hve
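
Because Amcache.hve is a REGF file, its first 512 bytes can be checked before the hive is handed to a registry parser. The following is an added example, not code from ForensicsWiki: it reads the REGF base block, verifies the header checksum and reports whether the hive was cleanly written. The function names and the sample block are constructed for illustration, and the field offsets follow the commonly documented REGF layout.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# signature, primary seq, secondary seq, last-written FILETIME, major, minor,
# file type, file format, root cell offset, hive bins data size
HEADER = struct.Struct("<4sIIQIIIIII")

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        value ^= dword
    # The format never stores 0 or 0xFFFFFFFF; both are remapped.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)

def parse_base_block(block: bytes) -> dict:
    if len(block) < 512:
        raise ValueError("base block truncated")
    sig, seq1, seq2, ft, major, minor, _type, _fmt, root, size = HEADER.unpack_from(block)
    if sig != b"regf":
        raise ValueError("not a REGF hive")
    (stored,) = struct.unpack_from("<I", block, 508)
    return {
        "version": f"{major}.{minor}",
        "last_written": EPOCH_1601 + timedelta(microseconds=ft // 10),
        "root_cell_offset": root,
        "hive_bins_size": size,
        "checksum_ok": stored == regf_checksum(block),
        # Differing sequence numbers mean the hive was not cleanly written,
        # so its transaction logs need to be considered before analysis.
        "dirty": seq1 != seq2,
    }

def build_sample_block(seq1=7, seq2=7) -> bytes:
    """Constructed base block for the demo; not data from a real system."""
    when = datetime(2013, 12, 5, tzinfo=timezone.utc)
    ft = (when - EPOCH_1601) // timedelta(microseconds=1) * 10
    block = bytearray(4096)
    HEADER.pack_into(block, 0, b"regf", seq1, seq2, ft, 1, 3, 0, 1, 0x20, 0x1000)
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    for name, blk in (("clean", build_sample_block()), ("dirty", build_sample_block(8, 7))):
        print(name, parse_base_block(blk))
```

To check an acquired copy, pass the first 512 bytes of the exported Amcache.hve to `parse_base_block`.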

See Also

External Links