±Your Account
Membership:
New Today: 4
New Yesterday: 10
Overall: 24370
Visitors: 40
±Latest Articles
· Catching the ghost: how to discover ephemeral evidence with Live RAM analysis
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page Previous 1, 2, 3, 4 Next
My apologies for that. A problem with Skype forced me to dial into the conference bridge on that last slide from a landline and for some reason the recording system didn't like it!
I'm sure Josh will be happy to point you in the right direction as far as resources are concerned.
Jamie
Good question Martin. From everything I saw in the beta testing I did the apps functioned much like programs did in previous versions of Windows, once an app was uninstalled there was still some residual registry artifacts that existed (although I did look at which ones did and did not). I will definitely put that on my list of "to do" things for version 2.0 of this research which I hope to have out at the end of the year.
This has been pretty cloudy from day 1, but I can't really answer your question for sure until the final version comes out in October. I will say that ReFS was developed with redundancy in mind, so I'm sure they will integrate such a new file system "storage pools" into it. I'd recommend reading up on storage pools and what it entails on Google as I don't give an explanation much justice.
I will say this however.... MS is trying to counter the iCloud, so be expected for some odd network storage component to be in place once the dust settles with this new OS.
-Josh
Windows 8 Forensics - A First Look
Re: Windows 8 Forensics - A First Look
Posted: Wed Aug 29, 2012 3:13 pm
- HwallbangerI would like to also bring to your attention, that the last presented slide (Pg. 25), your audio was very sporadic and a lot of what you had said could NOT be heard OR understood.
My apologies for that. A problem with Skype forced me to dial into the conference bridge on that last slide from a landline and for some reason the recording system didn't like it!
I'm sure Josh will be happy to point you in the right direction as far as resources are concerned.
Jamie
-
jamie - Site Admin
Re: Windows 8 Forensics - A First Look
Posted: Wed Aug 29, 2012 8:56 pm
Thanks for the forensic overview. Nice job.
_________________
Detective, LVMPD/Computer Forensics Lab,
USSS LV-ECTF/Computer Forensic Examiner,
_________________
Detective, LVMPD/Computer Forensics Lab,
USSS LV-ECTF/Computer Forensic Examiner,
-
bkberghuis - Newbie
Re: Windows 8 Forensics - A First Look
Posted: Thu Aug 30, 2012 12:29 am
How about the app registry's when the user uninstalls an app. Will they remain or will they be deleted/Unallocated clusters ?
Regards
Martin Vinther
NITEC Denmark
ps. Thanks for the video
Regards
Martin Vinther
NITEC Denmark
ps. Thanks for the video
-
Mav87th - Newbie
Re: Windows 8 Forensics - A First Look
Posted: Thu Aug 30, 2012 6:06 pm
- Mav87thHow about the app registry's when the user uninstalls an app. Will they remain or will they be deleted/Unallocated clusters ?
Regards
Martin Vinther
NITEC Denmark
ps. Thanks for the video
Good question Martin. From everything I saw in the beta testing I did the apps functioned much like programs did in previous versions of Windows, once an app was uninstalled there was still some residual registry artifacts that existed (although I did look at which ones did and did not). I will definitely put that on my list of "to do" things for version 2.0 of this research which I hope to have out at the end of the year.
-
brunty11 - Member
Re: Windows 8 Forensics - A First Look
Posted: Thu Aug 30, 2012 6:10 pm
- HwallbangerThere still seems to be some questions as to where your default created files will be stored.
In the past, since I believe Win95, you could look for where your login's profile's Document folder/directory was located. Then in Win7 came along the development of Libraries.
From what you have explored and read and researched, does the Non-bootable partition known as the Resilient File System have much to do with this ?
HWallbanger
This has been pretty cloudy from day 1, but I can't really answer your question for sure until the final version comes out in October. I will say that ReFS was developed with redundancy in mind, so I'm sure they will integrate such a new file system "storage pools" into it. I'd recommend reading up on storage pools and what it entails on Google as I don't give an explanation much justice.
I will say this however.... MS is trying to counter the iCloud, so be expected for some odd network storage component to be in place once the dust settles with this new OS.
-Josh
-
brunty11 - Member
Re: Windows 8 Forensics - A First Look
Posted: Tue Nov 27, 2012 6:38 pm
Is there a transcript available for this webinar?
_________________
Thanks;
Ashley
Computer Forensics Student - Second Year
University of Derby (UK)
_________________
Thanks;
Ashley
Computer Forensics Student - Second Year
University of Derby (UK)
-
bsc.Smith19 - Member