This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
- Search integrated in operating system
- Transactional NTFS (TxF)
- Transactional Registry (TxR)
- Shadow Volumes; the volume-based storage of the Volume Shadow Copy data
- Windows XML Event Log (EVTX)
- User Account Control (UAC)
The file system used by Windows Vista is primarily NTFS.
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
Note that this feature has been around since as early as Windows 2000 .
The Windows Registry remains a central component of the Windows Vista operating system.