Difference between pages "User Account Control (UAC)" and "Windows Vista"

From Forensics Wiki
(External Links)
 
 
Line 1: Line 1:
{{expand}}
+
== New Features ==
 +
* [[BitLocker Disk Encryption | BitLocker]]
 +
* [[Windows Desktop Search | Search]] integrated in operating system
 +
* [[ReadyBoost]]
 +
* [[SuperFetch]]
 +
* [[NTFS|Transactional NTFS (TxF)]]
 +
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
 +
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
User Account Control (UAC) is a Windows sub-system introduced in Windows Vista that limits application software to standard user privileges until an administrator authorizes an increase or elevation.
+
== File System ==
 +
The file system used by Windows Vista is primarily [[NTFS]].
  
The file virtualization part of UAC is also referred to as LUA (LUAFV.SYS).
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
 +
<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>
  
== EventLogs ==
+
Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
Related EventLogs:
+
 
<pre>
+
== Prefetch ==
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx
+
Note that the prefetch hash function is different then that of [[Windows XP]] and [[Windows 2003]].
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
+
 
</pre>
+
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
 +
 
 +
== See Also ==
 +
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
  
 
== External Links ==
 
== External Links ==
* [http://en.wikipedia.org/wiki/User_Account_Control Wikipedia: User Account Control]
+
* [https://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf Windows Vista Network Attack Surface Analysis], James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse
* [http://www.codeproject.com/Articles/19165/Vista-UAC-The-Definitive-Guide Vista UAC: The Definitive Guide]
+
* [http://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx The deal with LUAFV.SYS], by Alex Carp, June 25, 2009
+
* [http://journeyintoir.blogspot.ch/2012/10/you-are-not-admin-with-uac.html You Are Not Admin with UAC], by [[Corey Harrell]], October 8, 2012
+
* [http://journeyintoir.blogspot.ch/2013/03/uac-impact-on-malware.html UAC Impact on Malware], by [[Corey Harrell]], March 4, 2013
+
  
[[Category:Windows]]
+
[[Category:Operating systems]]
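
Review bot: the added Prefetch line has a typo, "different then that of [[Windows XP]] and [[Windows 2003]]" should read "different than that of". That line also states that the hash function differs without saying how or pointing to a reference, so a link would make it usable. In the added File System text, "Note that this feature has been around since as early as Windows 2000" leaves unclear whether "this feature" means Last Access tracking or the NtfsDisableLastAccessUpdate value; naming the value in that sentence would remove the ambiguity.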

Revision as of 12:14, 20 October 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].

Prefetch

Note that the prefetch hash function is different than that of Windows XP and Windows 2003.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links