Event / Presentation Title

Journey into Windows 8 Recovery Artifacts

Presenter Information

W. K. Johnson, KPMG, USAFollow

Proposal / Submission Type

Peer Reviewed Paper

Location

Richmond, Virginia

Start Date

11-6-2013 2:30 PM

Abstract

One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current Digital Forensics technologies and processes to recover and find information hidden. Microsoft has released their new operating system Windows 8, with this new release Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates there have been some research released that focus primarily on the new user created artifacts and a few artifacts that have been added by the operating system that might contain valuable information. This paper will look at the new recovery options that have been introduced in the final release of the Windows 8, and the impact that have on the artifacts. This paper will investigate the impact on system and user artifacts when the Windows 8 recovery methods are used. This paper will look the artifacts that are created between the different recover methods, as well as what artifacts can be recovered from the hard drive after a recovery method has been used.

Keywords: Windows 8, Digital Forensics, Recover Options, System Reset, System Refresh, File History

 
Jun 11th, 2:30 PM

Journey into Windows 8 Recovery Artifacts

Richmond, Virginia

One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current Digital Forensics technologies and processes to recover and find information hidden. Microsoft has released their new operating system Windows 8, with this new release Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates there have been some research released that focus primarily on the new user created artifacts and a few artifacts that have been added by the operating system that might contain valuable information. This paper will look at the new recovery options that have been introduced in the final release of the Windows 8, and the impact that have on the artifacts. This paper will investigate the impact on system and user artifacts when the Windows 8 recovery methods are used. This paper will look the artifacts that are created between the different recover methods, as well as what artifacts can be recovered from the hard drive after a recovery method has been used.

Keywords: Windows 8, Digital Forensics, Recover Options, System Reset, System Refresh, File History