I published my Vista Forensics slides on my German computer forensics website.
Vista Forensics Slides
6 March 2008 | 15:21 | Events, Forensics | No Comments | 694 Views
Talk about Windows Vista Forensics
29 December 2007 | 11:52 | Events, Forensics, Speeches | 1 Comment | 877 Views
I’m going to talk about Windows Vista Forensics at the DFN-CERT workshop. The workshop will be held on February 13 and 14, 2008 in Hamburg, Germany.
WTF is Microsoft doing with the Last Access Timestamp on Vista?
20 November 2007 | 8:52 | Forensics, Stories | 2 Comments | 1,129 Views
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000
