Difference between pages ".XRY" and "Windows Vista"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
{{Infobox_Software |
+
== New Features ==
  name = XRY |
+
* [[BitLocker Disk Encryption | BitLocker]]
  maintainer = [[Micro Systemation]] |
+
* [[Windows Desktop Search | Search]] integrated in operating system
  os = {{Windows}} |
+
* [[ReadyBoost]]
  genre = {{Mobile forensics}} |
+
* [[SuperFetch]]
  license = {{Commercial}} |
+
* [[NTFS|Transactional NTFS (TxF)]]
  website = [http://www.msab.com www.msab.com] |
+
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
}}
+
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
'''XRY''', pronounced "ex-arr-why", is a forensic system specifically designed for analyzing mobile digital devices written by [[Micro Systemation]]. The software is designed to run on a Windows computer and will retrieve information from mobile phones for immediate display of the results or files can be saved for later analysis. At the time of writing support levels including smartphones, gps units and mobile tablets such as the iPad.
+
== File System ==
 +
The file system used by Windows Vista is primarily [[NTFS]].
  
== Overview ==
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
XRY comes complete with software that reads information and then creates reports on the data, and also the hardware: the "XRY Communications Unit". The hardware is connected to a computer using a USB cable. The standard package of phone cables contains 40 different cables. USB, Bluetooth and IR are available in order to connect as many different telephone models as possible to the unit.
+
<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>
  
Specifically it can grab phone book information, SMS and other text messages, call lists, calendar entries, task items, pictures, media files, and SIM card information. XRY also retrieves a lot of information about the phone itself, such as IMEI/ESN, IMSI, model no., matching between the clock in the telephone and the computer, etc. An encrypted file is created, containing a copy of the information retrieved from the phone. XRY has got full support for Unicode.
+
Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
  
== Supported devices ==  
+
== Prefetch ==
The tool supports more than 4,000 different mobile device profiles including [[GSM]], [[UMTS]] and [[CDMA]] phones. SIM cards are supported as well. Smartphones such as Android, BlackBerry, iPhone, Symbian and Windows Mobile are supported.  
+
Note that the prefetch hash function is different then that of [[Windows XP]] and [[Windows 2003]].
  
Support for new phones is added in each release, which in 2008 was quarterly.
+
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
  
== XRY Reader ==
+
== See Also ==
XRY creates a report containing the user's own logotype, address, etc. and the basic required information. The generated report can either be printed out, exported in whole or in part, or forwarded electronically with .XRY Reader which is distributed for free. A search function simplifies the task of searching for a particular name/number or some other type of text.
+
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
  
== External Links ==  
+
== External Links ==
* [http://www.msab.com/en/mobile-forensic-products/XRY-Mobile-Version-Forensic-Software/ Official web site]
+
* [https://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf Windows Vista Network Attack Surface Analysis], James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse
 +
 
 +
[[Category:Operating systems]]
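Review bot: in the File System section, "Note that this feature has been around since as early as Windows 2000" does not say whether "this feature" means Last Access tracking itself or the NtfsDisableLastAccessUpdate value, so name the one that is meant. In the Prefetch section, "different then that of" should read "different than that of", and the sentence says the hash function differs without stating how or linking to a page that does. In the New Features list, "$Recycle.Bin" is the only entry with neither a wiki link nor a description.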

Revision as of 13:14, 20 October 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].
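An added example, not part of the wiki page: one way to check this setting during dead-box analysis, from a .reg text export of an offline SYSTEM hive. The mount name OFFLINE_SYSTEM, the sample export and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: .reg export of an offline SYSTEM hive loaded under the
# hypothetical mount name OFFLINE_SYSTEM (not data from a real system).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SYSTEM\Select]
"Current"=dword:00000002
"Default"=dword:00000002
"LastKnownGood"=dword:00000001

[HKEY_LOCAL_MACHINE\OFFLINE_SYSTEM\ControlSet001\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\OFFLINE_SYSTEM\ControlSet002\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001
'''

def parse_reg_dwords(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'\[(.+)\]', line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def last_access_tracking(text, hive_root):
    """Report whether NTFS Last Access updates are on for the active control set."""
    keys = parse_reg_dwords(text)
    root = hive_root.lower()
    # CurrentControlSet is a link that exists only on a running system;
    # in an offline hive, Select\Current names the active ControlSetNNN.
    current = keys.get(root + r'\select', {}).get('current')
    if current is None:
        raise ValueError('Select\\Current not found')
    fs_key = r'%s\controlset%03d\control\filesystem' % (root, current)
    value = keys.get(fs_key, {}).get('ntfsdisablelastaccessupdate')
    # Per the page, '0' enables tracking; a missing value is reported as None.
    return {'control_set': 'ControlSet%03d' % current, 'value': value,
            'tracking_enabled': None if value is None else value == 0}

if __name__ == '__main__':
    print(last_access_tracking(SAMPLE_REG, r'HKEY_LOCAL_MACHINE\OFFLINE_SYSTEM'))
```

The result tells the examiner whether Last Access timestamps on the volume can be expected to reflect file reads, based on the control set the system actually booted with rather than a stale one.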

Prefetch

Note that the prefetch hash function is different than that of Windows XP and Windows 2003.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links