NTFS Journaling(Different Artifact like $I30, $MFT, $LogFile, $UsnJrnl)

Pages Count

8 Pages

Links for the courses

NTFS Journaling in Forensics $LogFile, $UsnJrnl : Click Me

$LogFile, $UsnJrnl:- Parsing of $J || $Logfile using MFTECmd.exe : Click Me

$LogFile, $UsnJrnl :- Analyzing of $J || $LogFile using Timeline explorer : Click Me

NTFS Common Activity Patterns in the Journals $LogFile,$UsnJrnl : Click Me

Collecting, Parsing, Analyzing the $MFT : Click Me

Understanding, Collecting, Parsing the $I30 : Click Me

------------------------------------------------------------------------------------------------------------

Tracing Reused $MFT Entries Paths : Recovering Deleted File Paths Forensically with CyberCX UsnJrnl Rewind : Click Me

------------------------------------------------------------------------------------------------------------

Overview of NTFS File System: Click Me

Dean