Sunday, December 22, 2013

Daily Blog #182: Sunday Funday 12/22/13

Hello Reader,
        Continuing my attempt to bring the forensic lunch into more relevance for those of you who are hoping to get a leg up on Sunday Funday's I am going to theme this weeks challenge on Windows 8 again. You can watch this weeks episode here: http://www.youtube.com/watch?v=PZBjams_abg

The Prize:

  • A 4TB External Seagate Goflex drive

The Rules:
  1. You must post your answer before Monday 12/23/13 5PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
This week on the forensic lunch you heard Rob Lee talk about the challenges of using the same tools and techniques between Windows XP and Windows 8. For this challenge:

1. Explain the artifacts for execution you can find on windows xp and windows 8
2. For those artifacts that are in the same location for both, explain what differences exist