Difference between revisions of "Windows Vista"

From ForensicsWiki
Jump to: navigation, search
Line 20: Line 20:
  
 
== Prefetch ==
 
== Prefetch ==
Note that the prefetch hash function is different then that of [[Windows XP]] and [[Windows 2003]].
+
Note that the prefetch hash function is different then that of [[Windows XP]].
 +
 
 +
The Windows Prefetch File Format was changed to version 23.
  
 
== Registry ==  
 
== Registry ==  

Revision as of 13:17, 20 October 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].

Prefetch

Note that the prefetch hash function is different then that of Windows XP.

The Windows Prefetch File Format was changed to version 23.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links