Kenneth Johnson from randomthoughtsofforensics.blogspot.com has contributed to the forensic community by researching File History Services, Restore Points, Refresh Points, and System Reset in Windows 8.
On June 12th, Ken (can I call you “Ken”?) discussed File History Services in a SANS Webcast, in which he briefly discussed what it is, how it’s configured, and its artifacts. This research can be found on a link in his blog or you can click here. He’s even released his own RegRipper Plugin for the HKU File History key.
Ken’s research on Windows 8 recovery options offers a peek into changes a forensic examiner will see. This research can be found here.
Again, it looks like we are learning some useful information about Windows 8. Feel free to contact me about any research you have conducted or are conducting so I can share your work.