Josh Brunty, Digital Forensics Technical Manager at the Marshall University Forensic Science Center, presented his forensic research on Windows 8 June 5 at the Fourteenth International Techno Security and Digital Investigations Conference.
The annual conference was held June 3-6 in Myrtle Beach, S.C., with more than 1,000 attending, according to Brunty. Organizers of the event sought to raise international awareness of education and ethics in information technology security among practitioners and researchers from the digital forensics and information security community. The conference also provided networking opportunities to members of private industry, state, local and federal government agencies and international law enforcement agencies.
Brunty's research addressed new features of Windows 8 and explored differences that digital forensic examiners will encounter when conducting investigations.
Windows 8 is the next version of Microsoft Windows, a series of operating systems for personal computers. It is scheduled to be released near the end of 2012. The system features a new Metro-style interface that was designed for touchscreen, mouse, keyboard, and pen input. It is anticipated that the Windows 8 operating system will reflect major changes compared to previous versions.
Brunty said information about this new technology is limited, and sharing the research on Windows 8 with the law enforcement community will aid in digital forensic examinations.
"It is important to begin to identify these differences within the underlying file system and its structures before it is released to the general public," he said. "This includes a solid understanding of common registry and file system changes. In the coming months, many examiners and investigators will encounter this new operating system in the course of their investigations, so having a good understanding of how to investigate this new operating system in a forensic manner will be important to them."
The presentation focused on artifacts exclusive to Windows 8, including registry differences and artifacts of the new Immersive Web Browser. In addition, the new Redundant File System (ReFS), which is in development to be released with later versions of Windows 8 as an alternative replacement of the NTFS files system, was discussed.
For More Information Contact:
Forensic Science Center
Reprint of Marshall Magazine Spring 2012 Issue used by permission.
You will need Adobe Reader to view and print the above forms and information.