Hey guys,
I have not encountered a Windows 8 system yet. However, now that FTK 4.2 is out and AD has stated that it does not support the analysis of a Windows 8 system, nor installation on a Windows 8 system, I was wondering if there was a way, when looking at the folder structure, to differentiate a Windows 7 system from a Windows 8 system?
FYI, I also contacted Guidance and they said that Windows 8 analysis will be supported in v7.06. Windows 8 installation will be supported "in an upcoming release of V7". ReFS is not supported and they do not know when it will be. No support for Windows 8 in EnCase 6.
Thanks.
PM
PM,
I'm not sure that I see the issue.
As ReFS isn't available yet, the file system will most likely be NTFS. As such, you could perform analysis of a Windows 8 system using FTK Imager and a number of free and open source tools.
Is there something I'm missing?
It's not really an issue, I just want to know if there is a way to quickly identify that a drive is a Win8 OS drive.
It's not really an issue, I just want to know if there is a way to quickly identify that a drive is a Win8 OS drive.
What about rip.exe -r software -p winnt_cv | grep "ProductName"
might give you a quick indication…
Yeah, it's that easy.
To be clear, you don't determine that a "drive" is Windows 8, per se…you can determine that a drive has a partition that is formatted NTFS, and onto which Windows 8 has been installed.
Again, I'm not seeing what the issue is if Windows 8 is installed…
What about rip.exe -r software -p winnt_cv | grep "ProductName"
might give you a quick indication…
All hail the mighty command line!
Again, I'm not seeing what the issue is if Windows 8 is installed…
I think PM would like a quick way to determine the OS so that the examination is performed the right way, i.e. no point looking for XP artefacts.
I start all of my examinations by running a batch file that will get me the info out of the registry that will tell me OS info, user info, comp name and last shutdown (among other bits and pieces)
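As an added example (not a script from the thread or from RegRipper), here is the kind of triage the batch-file approach above describes, done against the offline hives of an imaged volume. It reads the same SOFTWARE\Microsoft\Windows NT\CurrentVersion key that rip.exe's winnt_cv plugin reports, plus the computer name and last shutdown time from the SYSTEM hive. Assumptions: the image is mounted at E: (for instance through FTK Imager's image mounting), the shell is elevated, and the hives are copied to a scratch directory first, because REG LOAD opens a hive for writing and must not be pointed at the evidence.

```powershell
# Added example, not from the thread: identify the installed OS from an
# imaged Windows volume's offline SOFTWARE and SYSTEM hives.
# Assumptions: image mounted at $Mount, running elevated, hives copied to a
# scratch directory so REG LOAD never touches the evidence copy.
param([string]$Mount = 'E:')

$work = Join-Path $env:TEMP ('hives_' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $work | Out-Null
foreach ($h in 'SOFTWARE', 'SYSTEM') {
    Copy-Item (Join-Path $Mount "Windows\System32\config\$h") (Join-Path $work $h)
}

reg load HKLM\EvidSOFTWARE (Join-Path $work SOFTWARE) | Out-Null
reg load HKLM\EvidSYSTEM   (Join-Path $work SYSTEM)   | Out-Null
try {
    # Same key rip.exe's winnt_cv plugin reads.
    # CurrentVersion 6.1 = Windows 7 / 2008 R2, 6.2 = Windows 8 / 2012, 6.3 = 8.1 / 2012 R2.
    $cv = Get-ItemProperty 'HKLM:\EvidSOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $epoch = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)

    # SYSTEM\Select\Current names the ControlSet that was live at the last boot;
    # ComputerName and ShutdownTime live under that ControlSet, not a fixed one.
    $current = (Get-ItemProperty 'HKLM:\EvidSYSTEM\Select').Current
    $cs = 'HKLM:\EvidSYSTEM\ControlSet{0:D3}' -f $current

    # ShutdownTime is an 8-byte little-endian FILETIME stored as REG_BINARY.
    $ft = (Get-ItemProperty "$cs\Control\Windows").ShutdownTime

    [pscustomobject]@{
        ProductName     = $cv.ProductName
        CurrentVersion  = $cv.CurrentVersion
        CurrentBuild    = $cv.CurrentBuild
        InstallDateUtc  = $epoch.AddSeconds($cv.InstallDate)   # REG_DWORD, Unix seconds
        ComputerName    = (Get-ItemProperty "$cs\Control\ComputerName\ComputerName").ComputerName
        LastShutdownUtc = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($ft, 0))
    }
}
finally {
    reg unload HKLM\EvidSOFTWARE | Out-Null
    reg unload HKLM\EvidSYSTEM   | Out-Null
    Remove-Item $work -Recurse -Force
}
```

A Windows 7 install reports CurrentVersion 6.1 and a ProductName such as "Windows 7 Professional"; a Windows 8 install reports 6.2 and a "Windows 8 ..." ProductName, so the first two fields alone answer the question in the original post. Copying the hives out rather than loading them in place also sidesteps the write access REG LOAD wants, which a read-only mounted image will refuse.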
I start my exams by using this
http//
I'm not sure why, but whenever I go to the forensic scanner downloads section it shows up blank. User error on my part, I'm sure.
I'm really surprised by that…I keep getting LinkedIn connection requests from people who want to connect with me for no other reason than they follow my blog…so I kind of thought everyone caught this…
http//
My employer made me move the Forensic Scanner to the corporate GitHub site.