Difference between pages "User:Nswenson" and "Windows 8"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Created page with 'Nathan Swenson is an engineer for AccessData who spends most of his time working on FTK. Anything I write here is my own and doesn't reflect AccessData policy or opinion.')
 
(External Links)
 
Line 1: Line 1:
Nathan Swenson is an engineer for AccessData who spends most of his time working on FTK. Anything I write here is my own and doesn't reflect AccessData policy or opinion.
+
Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.
 +
 
 +
== New Features ==
 +
The following new features were introduced in Windows 8:
 +
* [[Windows File History | File History]]
 +
* [[Windows Storage Spaces | Storage Spaces]]
 +
* [[Search Charm History]]
 +
 
 +
== File System ==
 +
The file system used by Windows 8 is primarily [[NTFS]].
 +
 
 +
The [[Resilient File System (ReFS)]] was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.
 +
 
 +
== Jump Lists ==
 +
[[Jump Lists]] are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.
 +
 
 +
== [[Prefetch]] ==
 +
The prefetch hash function is similar to [[Windows 2008]].
 +
 
 +
The [[Windows Prefetch File Format]] was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)
 +
 
 +
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a core component of the Windows operating system.
 +
 
 +
== Application Experience and Compatibility ==
 +
On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the [[Windows NT Registry File (REGF)]] format. A common location for Amcache.hve is:
 +
<pre>
 +
C:\Windows\AppCompat\Programs\Amcache.hve
 +
</pre>
 +
 
 +
== See Also ==
 +
* [[Windows]]
 +
* [[Windows Vista]]
 +
* [[Windows 7]]
 +
 
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Features_new_to_Windows_8 Features new to Windows 8], Wikipedia
 +
* [http://computerforensics.champlain.edu/blog/windows-8-forensics Windows 8 Forensics - part 1]
 +
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-2 Windows 8 Forensics - part 2]
 +
* [http://computerforensics.champlain.edu/blog/windows-8-forensics-part-3 Windows 8 Forensics - part 3]
 +
* [http://propellerheadforensics.files.wordpress.com/2012/05/thomson_windows-8-forensic-guide2.pdf Windows 8 Forensic Guide], by [[Amanda Thomson|Amanda C. F. Thomson]], 2012
 +
* [http://forensicfocus.com/Forums/viewtopic/t=9604/ Forensic Focus: Windows 8 Forensics - A First Look], [http://www.youtube.com/watch?v=uhCooEz9FQs&feature=youtu.be Presentation], [http://www.forensicfocus.com/downloads/windows-8-forensics-josh-brunty.pdf Slides], by [[Josh Brunty]], August 2012
 +
* [http://dfstream.blogspot.ch/2013/03/windows-8-tracking-opened-photos.html Windows 8: Tracking Opened Photos], by [[Jason Hale]], March 8, 2013
 +
* [http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html Windows 8 and 8.1: Search Charm History], by [[Jason Hale]], September 9, 2013
 +
* [http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html Amcache.hve in Windows 8 - Goldmine for malware hunters], by Yogesh Khatri, December 4, 2013
 +
* [http://www.swiftforensics.com/2013/12/amcachehve-part-2.html Amcache.hve - Part 2], by Yogesh Khatri, December 16, 2013
 +
 
 +
[[Category:Operating systems]]

Latest revision as of 14:13, 16 December 2013

Initially Windows 8 had a workstation and server edition. The server edition became Windows Server 2012.

Contents

New Features

The following new features were introduced in Windows 8:

File System

The file system used by Windows 8 is primarily NTFS.

The Resilient File System (ReFS) was initially available in the Windows 8 server edition but became part of Windows 2012 server edition.

Jump Lists

Jump Lists are Task Bar artifacts that were first introduced on Windows 7 and are also available on Windows 8.

Prefetch

The prefetch hash function is similar to Windows 2008.

The Windows Prefetch File Format was changed on Windows 8.1 to version 26. (note this could be Windows 8 as well but has not been confirmed)

Registry

The Windows Registry remains a core component of the Windows operating system.

Application Experience and Compatibility

On Windows 8 Amcache.hve replaces RecentFileCache.bcf and uses the Windows NT Registry File (REGF) format. A common location for Amcache.hve is:

C:\Windows\AppCompat\Programs\Amcache.hve

See Also

External Links