Forensic Artifacts of Microsoft Windows Vista System

Capítulo de livro Revisado por pares

Forensic Artifacts of Microsoft Windows Vista System

2008; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-540-69304-8_31

ISSN

1611-3349

Autores

Daniel M. Purcell, Sheau-Dong Lang,

Tópico(s)

Security and Verification in Computing

Resumo

This paper reviews changes made to Microsoft Windows Vista system from earlier Windows operating system (such as XP) and directs attention to system artifacts that are of evidentiary values in typical computer forensics work. The issues addressed include: NTFS on-disk structure, file system's directory structures, symbolic links, and recycle bin; we also briefly mention artifacts related to Windows mail, paging file, thumbnail caching, and print spooling.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Forensic Artifacts of Microsoft Windows Vista System