Windows 7

From Forensics Wiki
Revision as of 12:15, 12 September 2013 by Dcowen (Talk | contribs)

Jump to: navigation, search


Contents

File Structure

File systems are covered separately.

SSD

Per MS KB2727880, when Windows 7 is installed on a system with an SSD drive, automatic defragmentation and SuperFetch/prefetching are disabled.

Further, this TechNet post states: Since ReadyBoost will not provide a performance gain when the primary disk is an SSD, Windows 7 disables ReadyBoost when reading from an SSD drive.



Jump Lists

Jump Lists are Task Bar artifacts first introduced on Windows 7 (and also available on Windows 8).

Registry

The Windows_Registry remains a central component of the Windows 7 operating system.

== Known keys of forensic interest ==

SAM Registry SAM SAM\\Domains\\Account\\Users SAM SAM\\Domains\\Account\\UsersSAM\\Domains\\Builtin\\Aliases

Security Registry Security Policy\\PolAcDmSPolicy\\PolPrDmS Security Policy\\PolAdtEv Security Policy\\Secrets