Sunday, March 23, 2014

Daily Blog #273: Sunday Funday 3/23/14

Hello Reader,
             This Sunday Funday is going up later in the day than normal so I will shift the deadline to be later in the day as well. If you watched the Forensic Lunch this Friday you heard Nasa & Khizra talk about a new feature in Windows 8 called File History. For this Sunday Funday let's see how well you've been keeping up with an operating system that has been out for over a year for a prize worth fighting for.

The Prize:
A free ticket to the SANS DFIR Summit! (A $499 value if you were to register in the next week with the discount code 'SUMMIT')



The Rules:
  1. You must post your answer before Monday 3/23/14 2PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
What changes have occurred between Windows 7 and Windows 8 that have created new forensic artifacts for examiners to recover and analysis. List as many as you can find with a short description of what they are/mean/do.