Title

Forensic Artifacts Of Microsoft Windows Vista System

Keywords

Artifacts; Forensics; NTFS; Paging file; Print spooling; Recycle bin; Symbolic link; Thumbnail; Windows Vista

Abstract

This paper reviews changes made to Microsoft Windows Vista system from earlier Windows operating system (such as XP) and directs attention to system artifacts that are of evidentiary values in typical computer forensics work. The issues addressed include: NTFS on-disk structure, file system's directory structures, symbolic links, and recycle bin; we also briefly mention artifacts related to Windows mail, paging file, thumbnail caching, and print spooling. © 2008 Springer-Verlag Berlin Heidelberg.

Publication Date

7-1-2008

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volume

5075 LNCS

Number of Pages

304-319

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1007/978-3-540-69304-8_31

Socpus ID

45849099815 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/45849099815

This document is currently not available here.

Share

COinS