Difference between revisions of "Windows"

From ForensicsWiki
Jump to: navigation, search
m (Microsoft Windows moved to Windows)
(More stuff which is interesting for investigators.)
Line 1: Line 1:
A lot of background on Windows can be found in the Wikipedia entry, http://en.wikipedia.org/wiki/Microsoft_Windows. This page serves to give forensic information about Windows.
+
'''Windows''' is a widely-spread [[operating system]] from [[Microsoft]].
  
 +
== Forensics ==
  
== The Registry ==
+
=== Filesystems ===
  
The Registry is a database of keys and values that provides a wealth of information to forensic investigators.
+
[[FAT]], [[NTFS]], ...
 +
 
 +
=== Registry ===
 +
 
 +
The [[Registry]] of Windows systems is a database of keys and values that provides a wealth of information to forensic [[investigator]]s.
 +
 
 +
=== Thumbs.db Files ===
 +
 
 +
[[Thumbs.db]] files can be found on many Windows systems. They contain thumbnails of images or documents and can be of great value for the [[investigator]].
 +
 
 +
=== Browser Cache ===
 +
 
 +
=== Browser History ===
 +
 
 +
== External Links ==
 +
 
 +
* [http://en.wikipedia.org/wiki/Microsoft_Windows Wikipedia: Microsoft Windows]

Revision as of 17:39, 30 March 2006

Windows is a widely-spread operating system from Microsoft.

Forensics

Filesystems

FAT, NTFS, ...

Registry

The Registry of Windows systems is a database of keys and values that provides a wealth of information to forensic investigators.

Thumbs.db Files

Thumbs.db files can be found on many Windows systems. They contain thumbnails of images or documents and can be of great value for the investigator.

Browser Cache

Browser History

External Links