Difference between pages "Cloud Forensics Bibliography" and "Windows 8"

From ForensicsWiki
(Difference between pages)
 
(External Links)
 
Line 1: Line 1:
'''In chronological order, most recent to oldest'''
+
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
  
 +
== New Features ==
 +
The following new features were introduced in Windows 8:
 +
* [[Windows File History | File History]]
 +
* [[Windows Storage Spaces | Storage Spaces]]
 +
* [[Search Charm History]]
  
<bibtex>
+
== File System ==  
@inproceedings{OrtonLegalCloud,
+
The file system used by Windows 8 is primarily [[NTFS]].
Author = {Ivan Orton and Aaron Alva and Barbara Endicott-Popovsky},
+
title = {Legal Process and Requirements for Cloud Forensic Investigations},
+
booktitle = {Cybercrime and Cloud Forensics: Applications for Investigation Processes},
+
Editor = {K. Ruan},
+
Pages = {186-229},
+
Publisher = {IGI Global},
+
Year = {2013},
+
        url = {http://ssrn.com/abstract=2197978}}
+
</bibtex>
+
  
<bibtex>
+
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
@inproceedings{DykstraSeizing,
+
Author = {Josiah Dykstra},
+
title = {Seizing Electronic Evidence from Cloud Computing Environments},
+
booktitle = {Cybercrime and Cloud Forensics: Applications for Investigation Processes},
+
Editor = {K. Ruan},
+
Publisher = {IGI Global},
+
Year = {2013}}
+
</bibtex>
+
  
<bibtex>
+
== Jump Lists ==
@book{Ruan13,
+
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
  title="Cybercrime and Cloud Forensics: Applications for Investigation Processes",
+
  author={Keyun Ruan},
+
  year={2013},
+
  publisher={IGI Global},
+
  url = {http://www.igi-global.com/book/cybercrime-cloud-forensics/69206}
+
}
+
</bibtex>
+
  
<bibtex>
+
== [[Prefetch]] ==
@article{DykstraJOLT,
+
The prefetch hash function is similar to [[Windows 2008]].
author = "Josiah Dykstra and Damien Riehl",
+
title = "Forensic Collection of Electronic Evidence from Infrastructure-As-a-Service Cloud Computing",
+
journal = "Richmond Journal of Law and Technology",
+
volume = {19},
+
issue = {1},
+
year = {2012},
+
  url="http://www.cs.umbc.edu/~dykstra/Final-Dykstra-Riehl-1.pdf"
+
</bibtex>
+
  
<bibtex>
+
The [[Windows Prefetch File Format]] was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)
@article{Poisel2012,
+
  title="Discussion on the Challenges and Opportunities of Cloud Forensics",
+
  author="Rainer Poisel and Simon Tjoa",
+
  journal="Multidisciplinary Research and Practice for Information Systems",
+
  pages={593--608},
+
  year={2012},
+
  publisher={Springer}
+
</bibtex>
+
  
<bibtex>
+
== Registry ==
@article{Grispos12,
+
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
author = "George Grispos and Tim Storer and William Bradley Glisson",
+
title = "Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics",
+
journal = "International Journal of Digital Crime and Forensics",
+
volume = {4},,
+
issue = {2},
+
year = {2012},
+
  url="http://www.dcs.gla.ac.uk/~grisposg/Papers/calm.pdf"
+
</bibtex>
+
  
<bibtex>
+
== Application Experience and Compatibility ==
@article{Dykstra12,
+
On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the [[Windows NT Registry File (REGF)]] format. A common location for Amcache.hve is:
author = "Josiah Dykstra and Alan T. Sherman",
+
<pre>
title = "Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques",
+
C:\Windows\AppCompat\Programs\Amcache.hve
journal = "Digital Investigation",
+
</pre>
volume = {9},
+
year = {2012},
+
pages = {S90--S98},
+
  url="http://ww.cs.umbc.edu/~dykstra/DFRWS_Dykstra.pdf"
+
</bibtex>
+
  
<bibtex>
+
== See Also ==
@inproceedings{AlvaSADFE,
+
* [[Windows]]
Author = {Aaron Alva and Scott David and Barbara Endicott-Popovsky},
+
* [[Windows Vista]]
title = {Forensic Barriers: Legal Implications of Storing and Processing Information in the Cloud},
+
* [[Windows 7]]
booktitle = {Proceedings of the 7th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)},
+
Year = {2012}
+
        address = {Vancouver, BC}}
+
</bibtex>
+
  
<bibtex>
+
== External Links ==
@inproceedings{ISSA,
+
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
author = "Waldo Delport and Michael Kohn and Martin S. Olivier",
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
title = "Isolating a cloud instance for a digital forensic investigation",
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
  booktitle={Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference},
+
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
  year={August 2011},
+
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
  organization={ISSA},
+
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
</bibtex>
+
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
 +
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html Windows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
 +
* [http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html Amcache.hve in Windows 8 - Goldmine for malware hunters], by Yogesh Khatri, December 4, 2013
 +
* [http://www.swiftforensics.com/2013/12/amcachehve-part-2.html Amcache.hve - Part 2], by Yogesh Khatri, December 16, 2013
  
<bibtex>
+
[[Category:Operating systems]]
@article{CLSR,
+
author = "Esther George and Stephen Mason",
+
title = "Digital evidence and ‘cloud’ computing",
+
journal = "Computer Law & Security Review",
+
volume = {27},
+
issue = {5},
+
year = {September 2011},
+
pages = {524--528}
+
</bibtex>
+
 
+
<bibtex>
+
@article{dykstraJournal,
+
  author = "Josiah Dykstra and Alan. T. Sherman",
+
  title = "Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies",
+
  journal ={Journal of Network Forensics},
+
  volume = {3},
+
  number = {1},
+
  year = {Autumn, 2011},
+
  pages = {19--31}
+
}
+
</bibtex>
+
 
+
<bibtex>
+
@article{ruan,
+
  title="Cloud forensics: An overview",
+
  author={Keyun Ruan and Joe Carthy and Tahar Kechadi and Mark Crosbie},
+
  booktitle={Advances in Digital Forensics VII},
+
  year={2011},
+
  url="http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf"
+
}
+
 
+
</bibtex>
+
<bibtex>
+
 
+
@inproceedings{ruanSurvey,
+
  title="Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis",
+
  author={Keyun Ruan and Ibrahim Baggili and Joe Carthy and Tahar Kechadi},
+
  booktitle={Proceedings of the 2011 ADFSL Conference on Digital Forensics, Security and Law},
+
  year={2011},
+
  organization={ADFSL},
+
  url="http://www.cloudforensicsresearch.org/publication/Survey_on_Cloud_Forensics_and_Critical_Criteria_for_Cloud_Forensic_Capability_6th_ADFSL.pdf"
+
}
+
</bibtex>
+
 
+
<bibtex>
+
@article{CloudForensics,
+
  author = {Mark Taylor and John Haggerty and David Gresty and David Lamb},
+
  title = {Forensic investigation of cloud computing systems},
+
  journal ={Network Security},
+
  volume = {2011},
+
  number = {3},
+
  year = {2011},
+
  pages = {4--10},
+
  url="http://www.whieb.com/download.jsp?address=/upload%2Fdoc%2F20110415%2Fforensic+investigation+of+cloud+computing+systems.pdf"
+
}
+
 
+
</bibtex>
+
<bibtex>
+
 
+
@inproceedings{birk,
+
  title="Technical Issues of Forensic Investigations in Cloud Computing Environments",
+
  booktitle = {Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)},
+
  author={Dominik Birk and Christoph Wegener},
+
  year={2011},
+
  organization={IEEE},
+
  address = {Oakland, CA, USA},
+
  url="http://code-foundation.de/stuff/2011-birk-cloud-forensics.pdf"
+
}
+
 
+
</bibtex>
+
 
+
<bibtex>
+
@article{Araiza11,
+
  title="Electronic Discovery in the Cloud",
+
  author={Alberto G. Araiza},
+
  journal={Duke Law and Technology Review},
+
  volume = {8},
+
  year = {2011},
+
  url="http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1222&context=dltr"
+
}
+
</bibtex>
+
 
+
<bibtex>
+
@article{Cross10,
+
  title="E-Discovery and Cloud Computing:  Control of ESI in the Cloud",
+
  author={David D. Cross and Emily Kuwahara},
+
  journal={EDDE Journal},
+
  volume = {1},
+
  number = {2},
+
  year = {2010},
+
  pages = {2--12},
+
  url="http://www.crowell.com/documents/E-Discovery-and-Cloud-Computing-Control-of-ESI-in-the-Cloud.pdf"
+
}
+
</bibtex>
+
 
+
<bibtex>
+
@book{Lil10,
+
  title="Digital Forensics for Network, Internet and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data",
+
  author={Terrance V. Lillard},
+
  year={2010},
+
  publisher={Syngress},
+
}
+
</bibtex>
+
 
+
<bibtex>
+
@inproceedings{Lu10,
+
  title="Secure provenance: the essential of bread and butter of data forensics in cloud computing",
+
  booktitle={Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10)},
+
  author={Rongxing Lu and Xiaodong Lin and Xiaohui Liang and Xuemin Sherman Shen},
+
  pages={282--292},
+
  year={2010},
+
  address={New York, NY, USA},
+
  organization={ACM},
+
  url="http://bbcr.uwaterloo.ca/~rxlu/paper/asiaccs185-lu.pdf"
+
}
+
 
+
</bibtex>
+
 
+
<bibtex>
+
 
+
@inproceedings{Wol09,
+
  title="Overcast: Forensic Discovery in Cloud Environments",
+
  booktitle = {Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics (IMF '09)},
+
  author={Stephen D. Wolthusen},
+
  pages={3--9},
+
  year={2009},
+
  address={Washington, DC, USA},
+
  organization={IEEE Computer Society}
+
}
+
 
+
</bibtex>
+
 
+
 
+
 
+
[[Category:Bibliographies]]
+
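Review bot: in the Prefetch section, the added line on the [[Windows Prefetch File Format]] rests on an unconfirmed claim left in a trailing parenthetical ("note this could be Windows 8 as well but has not been confirmed"). Suggest stating which Windows builds the version 26 observation was made on, or marking the sentence as needing verification, so examiners do not assume a format version for Windows 8. The line before it, "The prefetch hash function is similar to [[Windows 2008]]", should say what is similar or link to the page that documents the hash function. This comparison is also between two different pages, so the BibTeX lines on the left side are not removals from the Windows 8 article.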

Latest revision as of 14:13, 16 December 2013

Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.

New Features

The following new features were introduced in Windows 8:

* File History
* Storage Spaces
* Search Charm History

File System

The file system used by Windows 8 is primarily NTFS.

The Resilient File System (ReFS) was initially available in the Windows 8 server edition but became part of the Windows 2012 server edition.

Jump Lists

Jump Lists are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.

Prefetch

The prefetch hash function is similar to that of Windows 2008.

The Windows Prefetch File Format was changed on Windows 8.1 to version 26. Note: this could apply to Windows 8 as well, but that has not been confirmed.

Registry

The Windows Registry remains a core component of the Windows operating system.

Application Experience and Compatibility

On Windows 8, Amcache.hve replaces RecentFileCache.bcf and uses the Windows NT Registry File (REGF) format. A common location for Amcache.hve is:

C:\Windows\AppCompat\Programs\Amcache.hve
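
As an added example (not part of the ForensicsWiki page): a Python check that a collected Amcache.hve really begins with a valid REGF base block before it is handed to a registry parser. The field offsets follow the commonly documented REGF layout; the function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def regf_checksum(block: bytes) -> int:
    """XOR-32 over the first 508 bytes; results 0 and 0xFFFFFFFF are remapped."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def parse_regf_header(block: bytes) -> dict:
    """Validate the 512-byte REGF base block at the start of a hive file."""
    if len(block) < 512:
        raise ValueError("shorter than a REGF base block")
    if block[:4] != b"regf":
        raise ValueError("missing 'regf' signature")
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    return {
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "version": f"{major}.{minor}",
        # Unequal sequence numbers: the hive was not cleanly flushed, so the
        # transaction logs beside it may hold newer data and should be collected.
        "clean": seq1 == seq2,
        "checksum_ok": stored == regf_checksum(block),
    }

def build_sample_header() -> bytes:
    """Constructed base block for the demo; not bytes from a real Amcache.hve."""
    when = datetime(2013, 12, 16, 14, 13, tzinfo=timezone.utc)
    filetime = (when - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    hdr = bytearray(512)
    struct.pack_into("<4sIIQII", hdr, 0, b"regf", 7, 7, filetime, 1, 5)
    struct.pack_into("<I", hdr, 508, regf_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    # On an evidence copy, read the first 512 bytes of
    # Windows\AppCompat\Programs\Amcache.hve (relative to the image root) instead.
    print(parse_regf_header(build_sample_header()))
```

A failed signature or checksum means the file should be treated as damaged or mislabeled rather than parsed as a hive.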

See Also

* Windows
* Windows Vista
* Windows 7

External Links