Forensic Artifacts in Windows 11

Source: Kaspersky Securelist

The article gives an overview of the forensic artifacts found in Windows 11, in particular the changes introduced with the Recall feature, which captures user activity through screenshots. Recall raises data privacy concerns because it can store sensitive information, although it also offers valuable insights for incident responders if exploited inappropriately. Updates to standard applications such as Notepad, which now supports multiple tabs, also introduce new artifacts relevant to investigations. The article further discusses modifications to NTFS attribute behavior and to the Program Compatibility Assistant that can aid forensic analysis. These insights are crucial for investigators analyzing incidents, and they show how digital forensics practice evolves as the technology advances.

👉 Read the original: Kaspersky Securelist