Proposal / Submission Type
Peer Reviewed Paper
Location
Richmond, Virginia
Start Date
11-6-2013 2:30 PM
Abstract
One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current Digital Forensics technologies and processes to recover and find information hidden. Microsoft has released their new operating system Windows 8, with this new release Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates there have been some research released that focus primarily on the new user created artifacts and a few artifacts that have been added by the operating system that might contain valuable information. This paper will look at the new recovery options that have been introduced in the final release of the Windows 8, and the impact that have on the artifacts. This paper will investigate the impact on system and user artifacts when the Windows 8 recovery methods are used. This paper will look the artifacts that are created between the different recover methods, as well as what artifacts can be recovered from the hard drive after a recovery method has been used.
Keywords: Windows 8, Digital Forensics, Recover Options, System Reset, System Refresh, File History
Scholarly Commons Citation
Johnson, W. K., "Journey into Windows 8 Recovery Artifacts" (2013). Annual ADFSL Conference on Digital Forensics, Security and Law. 3.
https://commons.erau.edu/adfsl/2013/tuesday/3
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Journey into Windows 8 Recovery Artifacts
Richmond, Virginia
One of the most difficult processes of digital forensics is to understand how new technology interacts with current technology and how digital forensic analysts can utilize current Digital Forensics technologies and processes to recover and find information hidden. Microsoft has released their new operating system Windows 8, with this new release Microsoft has added some features to the operating system that will present some interesting complications to digital forensics. Since the initial release of the Windows 8 Release Candidates there have been some research released that focus primarily on the new user created artifacts and a few artifacts that have been added by the operating system that might contain valuable information. This paper will look at the new recovery options that have been introduced in the final release of the Windows 8, and the impact that have on the artifacts. This paper will investigate the impact on system and user artifacts when the Windows 8 recovery methods are used. This paper will look the artifacts that are created between the different recover methods, as well as what artifacts can be recovered from the hard drive after a recovery method has been used.
Keywords: Windows 8, Digital Forensics, Recover Options, System Reset, System Refresh, File History
