Windows Forensics

Microsoft Windows has been the operating system (OS) of choice since
the early 1990s. The first successful platform was Windows 3.11,
followed by Windows 95, Windows 98 and Windows 2000. The Windows NT
platform was created as a server-side operating system, and led to
Windows XP, by far the most widespread version so far. The new
generation, called Vista, is now the new standard for Microsoft. There
are several versions of each of the above, but these are the
backbone of the Windows family.
Windows is a huge and complex operating system. It is worth
mentioning that all the upgrades and Service Packs of Windows XP are
at least 3 times the size of the original software.
Windows uses a vast number of files, temporary files, virtual memory,
and memory resources. There is a large amount of temporary
data stored on the hard disk or in RAM at any time. The wealth
of information that can be extracted includes user information,
activity logs, dates, times, etc. Because Windows is designed to
preserve data, this makes it easy for the digital investigator
to choose from a pool of data. Parts of the OS like the registry
allow us to determine when a program was installed or removed, when
a USB device was attached, or when other activities took place. Items moved
to the Recycle Bin can be restored, and even when removed from
there, they can be traced and retrieved from the hard disk.
Windows 7 presents new challenges to forensic examiners.
By keeping up to date, we manage to master the secrets of
Microsoft's new OS, which looks like it is going to be around a lot
longer than Vista.
Strathclyde Forensics has the
technological know-how and resources that allow us to investigate
your Windows system and provide you with the evidence you need for
your case.