Tag Archives: Windows

project recall

Project Recall: Windows 8 and 10 Forensics – Spring 2015

The Project Recall series will revisit successful and productive projects in the LCDI’s past. Windows 8 and 10: The mission of this project is to discover differences in the artifact locations of Windows 8 and Windows 10. It will also be within the scope of this project to find and discover new artifacts that are […]


Windows 10 Forensics: Conclusion

By Alex Parsons. Results: As the current semester comes to an end, so must the Windows 10 project. In the past five months we’ve made significant progress in analyzing core Windows 10 artifacts, which will be documented in detail in the incoming LCDI Windows 10 report. Before we release the report, we […]

Volume Shadow Copy

Volume Shadow Copy Part 2

Where is Volume Shadow Copy on your system? In part two of our blog series on Volume Shadow Copies, we clear up the common misconception that VSC has been removed from Windows 8 and briefly describe how to find the VSC files. We are again looking at Windows XP, Windows 7, and Windows 8.1. Volume […]

Windows 8

Windows 8 Forensics Part 2

Windows 8 Forensics, Ethan Fleisher, Senator Patrick Leahy Center for Digital Investigation. Internet History: Google Chrome History – Google Chrome History is stored within <root>\users\<username>\appdata\local\google\chrome\user data\default. After exporting this information out, I loaded it into a tool called Chrome Analysis Plus. The following image depicts the information that I was able to obtain from Google […]


Windows 8 Forensics

Ethan Fleisher, Senator Patrick Leahy Center for Digital Investigation. Overview: Today I am starting the preliminary research on the Windows 8 Operating System from a Digital Forensics standpoint. I will be comparing it primarily to known information on the Windows 7 Operating System. There are going to be many items that I […]
