Difference between pages "Windows 8" and "GRR"

From ForensicsWiki
(Difference between pages)
(New Features)
 
(Publications)
 
Line 1: Line 1:
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
+
{{Infobox_Software |
 +
  name = Rekall |
 +
  maintainer = [[Darren Bilby]] and others |
 +
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
== New Features ==
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
The following new features were introduced in Windows 8:
+
* [[Windows Shadow Volumes | File History]]
+
* [[Windows Storage Spaces | Storage Spaces]]
+
* [[Search Charm History]]
+
  
=== Windows 8.1 ==
+
= See also =
 +
* [[rekall]]
  
== File System ==  
+
= External Links =
The file system used by Windows 8 is primarily [[NTFS]].
+
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
+
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser], [[Michael Cohen]], Digital Investigation, 2013.
  
== Jump Lists ==
+
== Presentations ==
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
+
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
== Registry ==
+
== Workshops ==
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
+
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013] , by [[Darren Bilby]]
 
+
== See Also ==
+
* [[Windows]]
+
* [[Windows Vista]]
+
* [[Windows 7]]
+
 
+
== External Links ==
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
+
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
+
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
+
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
+
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html indows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
+
 
+
[[Category:Operating systems]]
+
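Review bot: The infobox on the GRR side sets `name = Rekall`, which does not match the page: the body text reads "GRR is an Incident Response Framework" and the `website` field points at code.google.com/p/grr/, so the field should be `name = GRR`. In the Publications list, `[[Andreas Moser]` is missing its closing bracket and will not render as an author link; it should be `[[Andreas Moser]]`.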

Revision as of 19:20, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

See also

External Links

Publications

Presentations

Workshops