Windows Vista

From Forensics Wiki
Revision as of 12:18, 20 October 2013 by Joachim Metz (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:


Note that this feature has been around since as early as Windows 2000 [1].


Note that the prefetch hash function is different then that of Windows XP.

The Windows Prefetch File Format was changed to version 23.


The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links