Top Ad unit 728 × 90

Latest News

random

Daily Blog #559: Forensic Lunch Test Kitchen 12/6/18

Hello Reader,
  Tonight we tested the new NTFSDisableLastAccessUpdate registry key in Windows 10 1803. Here's what we learned:

  • We learned that reading double negatives can be hard, it turns out my system did have last access dates on (value of 2) as Maxim Suhanov stated as my system drive was <= 128gb in size
  • We learned that drives larger than 128gb in size (my host system) have last access dates off (value of 3)
  • We learned that changing the value from 2 to 3 will be reversed on reboot as system managed really does mean system managed. 
  • We learned that changing the value from 2 to 1 will remain 1 on reboot meaning user managed will not be overruled by the system on reboot.
  • We learned that we will have to double check every system now because as of Windows 10 1803 we may have updated last access dates again!
You can watch the video here:

Daily Blog #559: Forensic Lunch Test Kitchen 12/6/18 Reviewed by David Cowen on December 06, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.