Understanding, Collecting, Parsing, Analyzing the $MFT
Introductions The NTFS (New Technology File System) is equipped with a feature known as filesystem journaling, which plays a vital role...
top of page
-
Mar 182 min read
NTFS Common Activity Patterns in the Journals $LogFile, $UsnJrnl
Introduction: NTFS journals play a crucial role in forensic analysis, providing valuable insights into file system activity....
42 views0 comments
-
Mar 171 min read
NTFS Journaling in Digital Forensics $LogFile, $UsnJrnl:- Analyzing of $J || $LogFile using Timeline explorer
Analyses of $J Output: Understanding Column Headers: As we dive into the USN journal, the column headers are mostly self-explanatory....
48 views0 comments
-
Mar 162 min read
NTFS Journaling in Digital Forensics $LogFile, $UsnJrnl:- Parsing of $J || $Logfile using MFTECmd.exe
In last we have talked about collection of $J and $Logfile using kape: This blog we are going to deep delve into Tool MFTECmd.exe which...
77 views0 comments
-
Mar 152 min read
Power of NTFS Journaling in Digital Forensics $LogFile, $UsnJrnl
Introductions NTFS, the file system used by Windows operating systems, offers powerful journaling features that provide critical...
129 views0 comments
-
Mar 142 min read
Anti-Forensics: Timestomping
What is Time stomping? Time stomping is a prevalent anti-forensic technique encountered in incident response matters. The manipulation of...
93 views0 comments
-
Mar 133 min read
NTFS: Metadata with The Sleuth Kit(istat)
In the realm of digital forensics, dissecting the intricacies of file systems is essential for uncovering valuable evidence and insights....
34 views0 comments
-
Mar 122 min read
NTFS: Understanding Metadata Entries
In the realm of digital forensics and cybersecurity, mastering the intricacies of file systems like NTFS is paramount. One crucial aspect...
32 views0 comments
-
Mar 113 min read
NTFS: Understanding Metadata Structures($MFT) and Types of System Files
Introduction: In the realm of file systems, metadata structures play a pivotal role in organizing and managing data. These structures,...
165 views0 comments
-
Mar 102 min read
NTFS: Versatility of NTFS: A Comprehensive Overview
Introduction: NTFS, short for New Technology File System, stands as a cornerstone of modern file management on Windows operating systems....
30 views0 comments
-
Mar 72 min read
Analysis of Super-Timeline: Created using Plaso(Log2timeline)
Lets start with an example: The two drive letters present that could indicate USB/external device activity are "E:" and "F:". The...
47 views0 comments
-
Mar 65 min read
A Deep Dive into Plaso/Log2Timeline Forensic Tools
Plaso is the Python-based backend engine powering log2timeline, while log2timeline is the tool we use to extract timestamps and forensic...
167 views0 comments
-
Mar 52 min read
Importance of Timestamp in Timeline Analysis while Forensic Investigations
Introduction: Timestamp analysis plays a crucial role in forensic investigations, offering valuable insights into the timeline of events...
41 views0 comments
-
Mar 41 min read
Understanding NTFS Timestamps(Timeline Analysis) : With Example
Lets understand with example: We have created table to understand NTFS Operations 1. Create Operation: When a file is created, according...
37 views0 comments
-
Mar 32 min read
Understanding NTFS Timestamps (Timeline Analysis)
Introduction: In digital forensics, understanding NTFS timestamps is crucial for reconstructing events and analyzing user activities on a...
117 views0 comments
-
Mar 22 min read
Understanding Timeline Analysis in Digital Forensics
What is Timeline Analysis? Timeline analysis in digital forensics is the process of examining chronological data to reconstruct events...
67 views0 comments
-
Mar 12 min read
Overview of the differences between various forensic artifacts:
LNK (Shortcut) Files: LNK files are Windows shortcut files that contain metadata about the file or program they link to. They can reveal...
44 views0 comments
-
Feb 292 min read
Artifacts for USB or Drive Usage Part 2: Drive Letter and Volume Name || Volume Serial Number || Shortcut (LNK) Files || P&P Event Log
1.Drive Letter and Volume Name USB devices play a significant role in forensic investigations, and understanding the drive letter and...
37 views0 comments
-
Feb 282 min read
Artifacts for USB or Drive Usage Part 1: Key Identification || First/Last Times || User
1.Key Identification USB devices are commonly used for data transfer and storage, making them a crucial aspect of digital forensics...
39 views0 comments
-
Feb 272 min read
Artifacts for Physical Location : Timezone || Browser Search Terms || Network History || Cookies
1.Timezone The system time zone plays a crucial role in forensic investigations as it provides valuable insights into the timing of...
40 views0 comments
bottom of page