Difference between pages "Paraben" and "Windows Vista"

From ForensicsWiki

Page: Paraben

{{Wikify}}

'''Paraben''' offers a wide variety of tools for analyzing disk drives and portable devices like [[cell phones]] and [[PDAs]].

=Features=

==File Systems Understood==

* Major Windows formats
* RAW format

===Email Examiner===

Their tool for searching email ("Email Examiner") can pull apart these files:

* Outlook (PST)
* Outlook Express (DBX)
* AOL 6, 7, 8, 9 (PFC)
* MBox
* Eudora
* Mozilla Mail
* Fox Mail
* Juno
* Calypso
* MSN Mail
* USENET newsgroups

==File Search Facilities==

==Historical Reconstruction==

Can it build timelines and search by creation date?

==Searching Abilities==

* With "Text Searcher". Offers complex queries and searching of slack space.
* Comes with an index building wizard.

==Hash Databases==

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases?
What sort of hash functions does it use?

==Evidence Collection Features==

* Offers a feature called "Case Agent Companion v1.0" for tracking what the case agent does.

=History=

==License Notes==

Commercial.

= External Links =

* [http://www.paraben-forensics.com/ Paraben website]

==External Reviews==

[[Category:Vendor]]

Page: Windows Vista

== New Features ==

* [[BitLocker Disk Encryption | BitLocker]]
* [[Windows Desktop Search | Search]] integrated in the operating system
* [[ReadyBoost]]
* [[SuperFetch]]
* [[NTFS|Transactional NTFS (TxF)]]
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
* $Recycle.Bin
* [[Windows XML Event Log (EVTX)]]
* [[User Account Control (UAC)]]

== File System ==

The file system used by Windows Vista is primarily [[NTFS]].

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>

Note that this setting has existed since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].

== Prefetch ==

Note that the prefetch hash function is different from that of [[Windows XP]] and [[Windows 2003]].

== Registry ==

The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.

== See Also ==

* [[Windows]]
* [[Windows 7]]
* [[Windows 8]]

== External Links ==

* [https://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf Windows Vista Network Attack Surface Analysis], James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse

[[Category:Operating systems]]
Revision as of 12:14, 20 October 2013
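The NtfsDisableLastAccessUpdate check from the Windows Vista page's File System section, as an added example that is not part of the wiki page or of any Paraben product: a PowerShell function that reads the value either from the live registry or from an evidence SYSTEM hive loaded with reg.exe, and says whether last-access timestamps on that system can be trusted. The function name Get-NtfsLastAccessPolicy, the HiveRoot parameter and the evidence path C:\Evidence\SYSTEM are this example's own assumptions; the meanings of values 2 and 3 come from later Windows 10 releases, not from Vista.

```powershell
# Added example (not from the ForensicsWiki page): report whether NTFS was
# updating last-access timestamps on a system, from the live registry or from
# an offline SYSTEM hive. Names and paths below are this example's own.

function Get-NtfsLastAccessPolicy {
    [CmdletBinding()]
    param(
        # Root of a SYSTEM hive in the registry provider. The live hive is
        # HKLM:\SYSTEM. An evidence hive loaded (elevated) with
        #   reg.exe load HKLM\EvidenceSYSTEM C:\Evidence\SYSTEM   (hypothetical path)
        # is addressed as HKLM:\EvidenceSYSTEM.
        [string]$HiveRoot = 'HKLM:\SYSTEM'
    )

    # An offline hive has no CurrentControlSet link; Select\Current names the
    # control set that was active at the last boot. The same lookup also works
    # on the live hive, so one code path serves both cases.
    $current    = (Get-ItemProperty -Path (Join-Path $HiveRoot 'Select') -Name Current).Current
    $controlSet = 'ControlSet{0:D3}' -f $current
    $fsKey      = Join-Path $HiveRoot "$controlSet\Control\FileSystem"

    $item = Get-ItemProperty -Path $fsKey -Name NtfsDisableLastAccessUpdate -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the OS default applies, which on Vista is "disabled".
        $raw   = $null
        $state = 'Disabled (value absent, OS default)'
    } else {
        $raw   = [int]$item.NtfsDisableLastAccessUpdate
        $state = switch ($raw) {
            0       { 'Enabled (user managed)' }
            1       { 'Disabled (user managed)' }
            2       { 'Enabled (system managed; Windows 10 1803 and later)' }
            3       { 'Disabled (system managed; Windows 10 1803 and later)' }
            default { "Unknown value $raw" }
        }
    }

    [pscustomobject]@{
        Hive       = $HiveRoot
        ControlSet = $controlSet
        RawValue   = $raw
        LastAccess = $state
        # When updates are disabled, a file's last-access time only tells you
        # when the setting was last enabled, not when the file was last opened.
        # Even when enabled, NTFS may defer writing the update by up to an hour.
        Reliable   = ($raw -eq 0 -or $raw -eq 2)
    }
}

# Live system:
Get-NtfsLastAccessPolicy

# Evidence hive, after "reg.exe load HKLM\EvidenceSYSTEM C:\Evidence\SYSTEM":
# Get-NtfsLastAccessPolicy -HiveRoot 'HKLM:\EvidenceSYSTEM'
# Unload it afterwards with "reg.exe unload HKLM\EvidenceSYSTEM".
```

Resolving the control set through Select\Current rather than hard-coding ControlSet001 matters for offline hives: a system that booted to the last known good configuration records a different number there, and reading the wrong control set silently gives the wrong answer.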

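To make the Prefetch section's remark concrete, here is an added example (not from the ForensicsWiki page) implementing the two prefetch-name hash functions as they are documented publicly for the SCCA prefetch format: the Windows XP/2003 variant and the Windows Vista variant. Both hash the upper-cased NT device path of the executable, the value that appears after the dash in a <NAME>-<HASH>.pf file name. The function names, the Resolve-PrefetchFileVersion helper and the sample device path are this example's own; the constants are the published ones, and no particular hash value for a real file is asserted.

```powershell
# Added example (not from the ForensicsWiki page): prefetch file-name hashes
# for XP/2003 and Vista, so an analyst can tell which variant produced a
# given <NAME>-<HASH>.pf name. Constants follow the public SCCA documentation.

$Mask32 = [uint64]4294967295   # keep arithmetic in 32-bit unsigned range

function Get-PrefetchHashXP {
    # Windows XP / Windows 2003 variant: seed 0, a final multiply, fold and
    # modulus step after the character loop.
    param([Parameter(Mandatory)][string]$DevicePath)
    [uint64]$h = 0
    foreach ($c in $DevicePath.ToUpperInvariant().ToCharArray()) {
        $h = ($h * [uint64]37 + [uint64][int]$c) -band $Mask32
    }
    $h = ($h * [uint64]314159269) -band $Mask32
    if ($h -gt [uint64]2147483648) { $h = [uint64]4294967296 - $h }   # take |value| of the signed result
    $h = ($h % [uint64]1000000007) -band $Mask32
    return ('{0:X8}' -f $h)
}

function Get-PrefetchHashVista {
    # Windows Vista variant (also used by Windows 7): different seed, and no
    # mixing step after the loop. This is why the same executable at the same
    # path gets a different .pf name on Vista than on XP.
    param([Parameter(Mandatory)][string]$DevicePath)
    [uint64]$h = 314159
    foreach ($c in $DevicePath.ToUpperInvariant().ToCharArray()) {
        $h = ($h * [uint64]37 + [uint64][int]$c) -band $Mask32
    }
    return ('{0:X8}' -f $h)
}

function Resolve-PrefetchFileVersion {
    # Given a prefetch file name and the candidate device path of the
    # executable, report which hash variant reproduces the embedded hash.
    param(
        [Parameter(Mandatory)][string]$PrefetchFileName,
        [Parameter(Mandatory)][string]$DevicePath
    )
    if ($PrefetchFileName -notmatch '-([0-9A-Fa-f]{8})\.pf$') {
        throw "Not a prefetch file name: $PrefetchFileName"
    }
    $embedded = $Matches[1].ToUpperInvariant()
    $xp       = Get-PrefetchHashXP    -DevicePath $DevicePath
    $vista    = Get-PrefetchHashVista -DevicePath $DevicePath

    if     ($embedded -eq $xp)    { $family = 'XP/2003' }
    elseif ($embedded -eq $vista) { $family = 'Vista/7' }
    else                          { $family = 'none (wrong path, or a newer hash variant)' }

    [pscustomobject]@{
        File         = $PrefetchFileName
        EmbeddedHash = $embedded
        XpHash       = $xp
        VistaHash    = $vista
        Match        = $family
    }
}

# Constructed sample path (not taken from any real evidence): the NT device
# path is what gets hashed, not the C:\ drive-letter path.
$samplePath = '\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NOTEPAD.EXE'
"XP/2003 hash : $(Get-PrefetchHashXP    -DevicePath $samplePath)"
"Vista hash   : $(Get-PrefetchHashVista -DevicePath $samplePath)"

# To classify a real file, pass its name and the path recorded inside it:
# Resolve-PrefetchFileVersion -PrefetchFileName 'NOTEPAD.EXE-XXXXXXXX.pf' -DevicePath $samplePath
```

Two caveats when using this on evidence: the hashed string is the NT device path (\DEVICE\HARDDISKVOLUMEn\...), so the volume index on the imaged system must be known, and for a few hosting processes such as svchost.exe the hashed string also includes command-line arguments, so the executable path alone will not reproduce the name.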