Please use this topic for discussion of the webinar

Windows 8 Forensics - A First Look

presented by Josh Brunty, Assistant Professor of Digital Forensics at Marshall University.

If you encountered any problems viewing the webinar please try the YouTube version here. Additionally, a PDF with slides from the presentation can be found here.

Kind regards,

Jamie
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Blog: www.forensicfocus.com/blog
Twitter: twitter.com/ForensicFocus
LinkedIn: www.linkedin.com/in/jamiemorris 

Last edited by jamie on Wed Aug 29, 2012 10:21 am; edited 2 times in total

Thank you Jamie!
-Art-

- jamie

Sorry everyone, looks like Meetingburner can't hand the volume - please try the YouTube version at youtu.be/uhCooEz9FQs

 

I got as far as the mention of "apps" having there own local storage space. Any indication that user data archived will by Windows or will this be up to each app?

Thanks,
_________________
Greg Marshall, EnCE 

Hey folks. it's Josh Brunty and I'll be monitoring this message board thread throughout the day for any questions you might have regarding Windows 8...

To those interested, I'd suggest downloading and playing with the newest Windows 8 Release Preview, which you can obtain from Microsoft from the following link:

windows.microsoft.com/...8/download

Also, here is a TechNet overview of the features to be included in Windows 8 (Microsoft is changing the names of some features again) so this a good repository of those features that are available:

technet.microsoft.com/...ows-8.aspx

Once again, thanks for the interest in the presentation (so much so we crashed the meeting room).

-Josh  

- gmarshall139

I got as far as the mention of "apps" having there own local storage space. Any indication that user data archived will by Windows or will this be up to each app?

Thanks,

Well, Microsoft has constructed the metro app to cache files much like an internet browser caches for quick access to data when it's opened up again. Such caching can be turned off in settings, but I don't know if app developers can do it with a specific app or not. Most of them won't as it degrades and slows the "speed" of their app loading.

This is great for us as it gives us a lot of residual cache data to examine and piece together in a given investigation. However, expect Microsoft to possibly secure this open cache in future service packs to mitigate any security issues that might hijack such cache data...  

Hi,

If it's not too late i'd like to know a bit more about Windows 8 shadow copy system (compared to windows 7 / Vista)

It seems that it is not in the presentation (after the registry)

Kind regards

Jean-Philippe Noat  

Will PsTools work on this Windows 8, as how its been very useful all the while