Explore >> Select a destination


You are here

port139.hatenablog.com
www.khyrenz.com
8.0 parsecs away

Time rules for certain user file interactions are documented in the SANS red poster, tested on a Windows 10 1903 system. This blog post looks at these same user interactions with files on a Windows 11 22H2 system, with some further testing conducted on a Windows 10 21H2 system to fill in gaps (file copy to same folder, file recycle, ADS tests, and the original file MFT entries for file copy and move actions). Note that actions shown in the red poster were not re-tested; they have simply been lis
www.senturean.com
7.1 parsecs away

During my File System Tunneling related investigation I tested NTFS timestamp changes in case of different operations on Windows 10. I used SANS's DFPS_FOR500_v4.9_4-19 and Cyberforensicator's timestamp posters for comparison. I found out that my results were different from theirs. In my tests, some of the operations produced different timestamp changes and inheritance than the previously mentioned posters show. These timestamp rules can change in every Windows version so it is worth checking them from time to time.
wise-forensics.com
5.5 parsecs away

Scenario: In this Sherlock, you will become acquainted with MFT (Master File Table) forensics. You will be introduced to well-known tools and methodologies for analyzing MFT artifacts to identify malicious activity. During our analysis, you will utilize the MFTECmd tool to parse the provided MFT file, TimeLine Explorer to open and analyze the results from the...
cookie.engineer
20.0 parsecs away

Arch Linux Installation Guide (GRUB)