1. Identify the Microsoft version: An investigator will receive a disk image and have no idea what the specific Windows operating system...

1. MRU Lists (Most recent used lists) NTUSER.DAT for particular user (If we use Registry explorer in my case c:\users\user\ntuser.dat)...

The Windows operating system caches writes to the registry in two locations. The first is in memory. The second is on disk in the...

Windows Registry Overview: The Windows registry is a crucial database storing system, software, hardware, and user configuration data....

Introduction: In the realm of digital forensics, gaining insights into the changes made to files and volumes over time can be critical...

The $MFT, $J, $LogFile, $T, and $I30 are all important components of the NTFS (New Technology File System) file system used in Windows...

Introduction: In the intricate world of digital forensics, every byte of data tells a story. Within the NTFS file system, "$I30" files...

Introductions The NTFS (New Technology File System) is equipped with a feature known as filesystem journaling, which plays a vital role...

Introduction: NTFS journals play a crucial role in forensic analysis, providing valuable insights into file system activity....

Analyses of $J Output: Understanding Column Headers: As we dive into the USN journal, the column headers are mostly self-explanatory....

In last we have talked about collection of $J and $Logfile using kape: This blog we are going to deep delve into Tool MFTECmd.exe which...

Introductions NTFS, the file system used by Windows operating systems, offers powerful journaling features that provide critical...

What is Time stomping? Time stomping is a prevalent anti-forensic technique encountered in incident response matters. The manipulation of...

In the realm of digital forensics, dissecting the intricacies of file systems is essential for uncovering valuable evidence and insights....

In the realm of digital forensics and cybersecurity, mastering the intricacies of file systems like NTFS is paramount. One crucial aspect...

Introduction: In the realm of file systems, metadata structures play a pivotal role in organizing and managing data. These structures,...

Introduction: NTFS, short for New Technology File System, stands as a cornerstone of modern file management on Windows operating systems....

Lets start with an example: The two drive letters present that could indicate USB/external device activity are "E:" and "F:". The...

Plaso is the Python-based backend engine powering log2timeline, while log2timeline is the tool we use to extract timestamps and forensic...

Introduction: Timestamp analysis plays a crucial role in forensic investigations, offering valuable insights into the timeline of events...