Difference between pages "Michael Cohen" and "Windows Vista"

From ForensicsWiki
(New page: = Michael Cohen = I am the lead developer of PyFlag, the Python Forensics and Log Analysis GUI. Other interests include Volatility, AFF4 and lots of bits and pieces. Main publications pa...)
 
 
Line 1: Line 1:
= Michael Cohen =
+
== New Features ==
 +
* [[BitLocker Disk Encryption | BitLocker]]
 +
* [[Windows Desktop Search | Search]] integrated in operating system
 +
* [[ReadyBoost]]
 +
* [[SuperFetch]]
 +
* [[NTFS|Transactional NTFS (TxF)]]
 +
* [[Windows NT Registry File (REGF)|Transactional Registry (TxR)]]
 +
* [[Windows Shadow Volumes|Shadow Volumes]]; the volume-based storage of the Volume Shadow Copy data
 +
* $Recycle.Bin
 +
* [[Windows XML Event Log (EVTX)]]
 +
* [[User Account Control (UAC)]]
  
I am the lead developer of PyFlag, the Python Forensics and Log Analysis GUI. Other interests include Volatility, AFF4 and lots of bits and pieces.
+
== File System ==
 +
The file system used by Windows Vista is primarily [[NTFS]].
  
Main publications page on http://www.pyflag.net/cgi-bin/moin.cgi/Scudette
+
In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:
 +
<pre>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem</pre>
  
If you want to send me an email, I'm on scudette .at. gmail.com.
+
Note that this feature has been around since as early as Windows 2000 [http://technet.microsoft.com/en-us/library/cc959914.aspx].
 +
 
 +
== Prefetch ==
 +
Note that the prefetch hash function is different then that of [[Windows XP]] and [[Windows 2003]].
 +
 
 +
== Registry ==
 +
The [[Windows_Registry|Windows Registry]] remains a central component of the Windows Vista operating system.
 +
 
 +
== See Also ==
 +
* [[Windows]]
 +
* [[Windows 7]]
 +
* [[Windows 8]]
 +
 
 +
== External Links ==
 +
* [https://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf Windows Vista Network Attack Surface Analysis], James Hoagland, Matt Conover, Tim Newsham, Ollie Whitehouse
 +
 
 +
[[Category:Operating systems]]
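Review bot: In the added Prefetch section, "different then that of" should read "different than that of". That section also says only that the hash function differs; a link to the Prefetch page or a short statement of what changed would make the note usable. In the File System section, the TechNet reference is a bare bracketed URL with no label, unlike the labelled entry under External Links.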

Revision as of 13:14, 20 October 2013

New Features

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 [1].

Prefetch

Note that the prefetch hash function is different than that of Windows XP and Windows 2003.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

See Also

External Links