Difference between pages "Windows 8" and "GRR"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(New Features)
 
(Publications)
 
Line 1: Line 1:
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
+
{{Infobox_Software |
 +
  name = Rekall |
 +
  maintainer = [[Darren Bilby]] and others |
 +
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
== New Features ==
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
The following new features were introduced in Windows 8:
+
* [[Windows Shadow Volumes | File History]]
+
* [[Windows Storage Spaces | Storage Spaces]]
+
* [[Search Charm History]]
+
  
=== Windows 8.1 ==
+
= See also =
 +
* [[rekall]]
  
== File System ==  
+
= External Links =
The file system used by Windows 8 is primarily [[NTFS]].
+
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
+
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser], [[Michael Cohen]], Digital Investigation, 2013.
  
== Jump Lists ==
+
== Presentations ==
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
+
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
== Registry ==
+
== Workshops ==
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
+
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013] , by [[Darren Bilby]]
 
+
== See Also ==
+
* [[Windows]]
+
* [[Windows Vista]]
+
* [[Windows 7]]
+
 
+
== External Links ==
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
+
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
+
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
+
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
+
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html indows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
+
 
+
[[Category:Operating systems]]
+

Revision as of 14:20, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

See also

External Links

Publications

Presentations

Workshops