Windows vista

New Features

• BitLocker
• Search integrated in operating system
• ReadyBoost
• SuperFetch
• Transactional NTFS (txf)
• Transactional Registry (txr)
• Shadow Volumes; the volume-based storage of the Volume Shadow Copy data
• \$Recycle.Bin
• Windows XML Event Log (evtx)
• User Account Control (uac)

File System

The file system used by Windows Vista is primarily NTFS.

In Windows Vista, NTFS no longer tracks the Last Access time of a file by default. This feature can be enabled by setting the NtfsDisableLastAccessUpdate value to '0' in the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

Note that this feature has been around since as early as Windows 2000 1.

Prefetch

Note that the prefetch hash function is different then that of Windows XP.

The Windows Prefetch File Format was changed to version 23.

Registry

The Windows Registry remains a central component of the Windows Vista operating system.

User Interface Privilege Isolation (UIPI)

As part of the secure initiative in Vista, applications with UI will run in three different levels of privilege. Application windows can interact with others windows of the same or lower levels, but cannot interact with applications at higher level/permission.

See Also

• SuperFetch
• Windows
• Windows 7
• Windows 8

External Links

• Windows Vista Network Attack Surface Analysis, by Tim Newsham, James Hoagland
• Inside the Windows Vista Kernel: Part 1, by Mark Russinovich, February 2007
• Inside the Windows Vista Kernel: Part 2, by Mark Russinovich, March 2007
• Inside the Windows Vista Kernel: Part 3, by Mark Russinovich, April 2007
• Forensic Implications of Windows Vista, by Barrie Stewart, September 2007