Introduction to windows 10
This project continues last semester’s research into Windows 10. This time around we will take a closer look at tasks that we were unable to give our full attention to due to time constraints. While we previously used a Beta version of Windows 10, we are excited to announce that this semester we will be using a Microsoft Surface 3 with factory installed Windows. This will help us find any differences between the two versions and be able to give a better understanding forensically where artifacts are located/stored and how they are saved.
Analysis
Our Microsoft Surface 3 will be able to give us an advantage over last semester by allowing us to use a portable device rather than a desktop. Research will be done to analyze the various features that both the tablet and Windows 10 offer. We will also be able to compare the differences in data between last semester and this semester. This data will then be imaged and examined using forensic software picked out by our researchers.
The features we are focusing on are: Notification Center, Modern Office, Synced Data, Cortana Search History, Modern Mail Application, and Microsoft Edge (the newest version of Internet Explorer). We are also studying other new features in the official release of Windows 10 that were not in the Beta version.
Conclusion
We will be sharing our progress and findings in future blog posts throughout the coming months. If you have questions or comments about the project, you can leave a comment or contact the LCDI via Twitter @ChampForensics or via email at lcdi@champlain.edu.