Kenneth Johnson from randomthoughtsofforensics.blogspot.com has contributed to the forensic community by researching File History Services, Restore Points, Refresh Points, and System Reset in Windows 8.

On June 12th, Ken (can I call you “Ken”?) discussed File History Services in a SANS Webcast, in which he briefly discussed what it is, how it’s configured, and its artifacts.  This research can be found on a link in his blog or you can click here.  He’s even released his own RegRipper Plugin for the HKU File History key.

Ken’s research on Windows 8 recovery options offers a peek into changes a forensic examiner will see.  This research can be found here.

Again, it looks like we are learning some useful information about Windows 8.  Feel free to contact me about any research you have conducted or are conducting so I can share your work.

Posted by on June 19, 2012 in Windows 8 - General and tagged , , , , , , , , , .

Leave a Comment

About propellerhead23

I have been in the computer forensics field for about five years. I got my start while serving in the Army on active duty and used what I learned while deployed to Iraq. I currently hold the EnCE and ACE certifications and I am also a member of a couple of forensic professional organizations. I am working in the field and also pursuing a graduate degree in computer forensics. I enjoy what I do - mostly because there's always something to learn and would be thrilled if what I've learned could be of use to someone within the community.

Do you haves something to say?

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s