Friday, June 15, 2012

Introduction to Windows 8 Forensics

Dating back to late 2011, I began researching the Windows 8 operating system from a digital forensics standpoint. I wanted to take an in-depth look at the operating system using many of the commonly used tools in the digital forensics world today. When I first took on the project, I thought - hey, how hard could this be? I didn't quite grasp, at first, the notion that I was going to be examining an entire operating system and the complexities that would be involved in doing so. Fortunately, I had some ideas on what I wanted to look at, and I also intended to build upon the other research that had been done already.

At that point in time, there was one other person who was researching Windows 8 publicly. Kenneth Johnson, author of the blog random thoughts of forensics, was also working on examining Windows 8. I viewed his initial research and saw what he was doing, and figured I'd check out some other artifacts to start. With that, I built a preliminary list of the following:
  • Recycle Bin Properties
  • USB Drive Activity
  • Internet History
  • Windows 8 Reset and Refresh Feature
  • Event Logs
  • Prefetch Files
  • Jump Lists
  • File History Feature
With that, I started diving into the Developer Preview version that was released, examining the recycle bin, USB drive activity, internet activity, and the file history feature. Jump lists, prefetch files, event logs, and the reset and refresh feature were all still on the horizon for me. As I got further into my research, however, February 29th rolled around and the consumer preview was released - thus, my research was set back to a restart point. Looking at the consumer preview, I dug into the same four primary topics of recycle bin, USB activity, internet history, and the file history feature. Due to time constraints with the school year coming to a close and having to work another job, though, I was only able to get limited amounts of research done. I did manage to discover a good amount of useful information, which I presented at the Conference for Undergraduates in Technology at Champlain College on April 21st, 2012.

The following blog posts will touch on each individual item that was presented on.
