Difference between revisions of "Windows"

From ForensicsWiki
Jump to: navigation, search
(More stuff which is interesting for investigators.)
(Changed registry link to clarify that it is the *Windows* registry we are talking about.)
Line 9: Line 9:
 
=== Registry ===
 
=== Registry ===
  
The [[Registry]] of Windows systems is a database of keys and values that provides a wealth of information to forensic [[investigator]]s.
+
The [[Windows Registry]] of a system is a database of keys and values that provides a wealth of information to forensic [[investigator]]s.
  
 
=== Thumbs.db Files ===
 
=== Thumbs.db Files ===

Revision as of 10:23, 21 April 2006

Windows is a widely-spread operating system from Microsoft.

Forensics

Filesystems

FAT, NTFS, ...

Registry

The Windows Registry of a system is a database of keys and values that provides a wealth of information to forensic investigators.

Thumbs.db Files

Thumbs.db files can be found on many Windows systems. They contain thumbnails of images or documents and can be of great value for the investigator.

Browser Cache

Browser History

External Links