Forensics
Disabling Last Access Time in Windows Vista to improve NTFS performance Nov 07 2006 08:14PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
http://blogs.technet.com/filecab/archive/2006/11/07/disabling-last-acces
s-time-in-windows-vista-to-improve-ntfs-performance.aspx

An observant Windows Vista user noticed a registry named
NtfsDisableLastAccessUpdate under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem and asked
us what this means. Last Access Time is a file attribute that?s updated
when a file is accessed or otherwise touched. (This is often confused
with the Last Modified Time, which is only updated when the file
changes.) Last Access Time has a loose granularity that only guarantees
that the time is accurate to within one hour. In Windows Vista, we've
disabled updates to Last Access Time to improve NTFS performance. If you
are using an application that relies on this value, you can enable it
using the following command

---------------
In case this is of value in the forensics of Vista

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus