Abstract: Address the challenges for the Microsoft internal network security team in working with the unknowns in latest versions of Windows. While most of the world is still working on XP, Windows 8 is already on the Microsoft network. The problem is looking at each new version of Windows and figuring out what the new evidentiary artifacts are and how to examine them. It is a much harder job than it sounds, because there is no one source of information about everything that is new in the latest version of Windows or Office. This process includes review of source code, coordination with developers for detailed information, review of specifications, running tests, examination in hex editors, etc.
©2001-2011 DFRWS | dfrws [at] dfrws [dot] org
DFRWS is a US 501(c)(3) non-profit organization.