Notes on Vista forensics
One of the first things to note about users' data files is that they're not where they used to be! Instead of the familiar "Documents and Settings" folder we must instead look to a new folder called "Users". Other folders which typically fall under the scope of an examination have also moved so examiners running scripts which expect certain files or folders to be in specific locations may need to do some editing. Another interesting change is that Vista is configured by default to not update the last access time on files, a decision made to increase file system performance.
At The Register.
[ Read more ]
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.