www.senturean.com
thinkdfir.com
Welcome to 2023! Turns out I didn't post on here as much as I should have last year. Logging in this morning I can see I posted twice, whoops. Let's change that with some validation research into INDX records, particularly in relation to the timestamps that are stored in INDX entries. I've been putting together...
wise-forensics.com
Scenario: In this Sherlock, you will become acquainted with MFT (Master File Table) forensics. You will be introduced to well-known tools and methodologies for analyzing MFT artifacts to identify malicious activity. During our analysis, you will utilize the MFTECmd tool to parse the provided MFT file, TimeLine Explorer to open and analyze the results from the...
www.khyrenz.com
Time rules for certain user file interactions are documented in the SANS red poster, tested on a Windows 10 1903 system. This blog post looks at these same user interactions with files on a Windows 11 22H2 system, with some further testing conducted on a Windows 10 21H2 system to fill in gaps (file copy to same folder, file recycle, ADS tests, and the original file MFT entries for file copy and move actions). Note that actions shown in the red poster were not re-tested; they have simply been lis
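The posts above all revolve around the timestamps NTFS keeps in $STANDARD_INFORMATION ($SI) and $FILE_NAME ($FN) and how they move under copy, move and rename. The following is an added example, not code from any of the linked blogs or from MFTECmd: a small Python parser for a single 1024-byte MFT FILE record that applies the update-sequence fixup, pulls the $SI and $FN timestamps, and runs the two timestomping heuristics analysts usually start with. The record layouts follow the public NTFS on-disk format; the sample record is constructed in `build_record`, so it runs offline. The indicators are assumptions about typical behaviour, not proof: a file copied with a timestamp-preserving tool also shows an $SI creation time older than its $FN creation time.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constants from the public NTFS on-disk format; the sample record below is constructed.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
ATTR_STANDARD_INFORMATION = 0x10
ATTR_FILE_NAME = 0x30
ATTR_END = 0xFFFFFFFF
RECORD_SIZE = 1024
SECTOR_SIZE = 512
TS_NAMES = ("created", "modified", "mft_modified", "accessed")

def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC (datetime keeps microseconds)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def apply_fixups(raw):
    """Undo the update-sequence fixup: on disk the last two bytes of every sector hold
    the USN; the real bytes sit in the update sequence array (USA) in the header."""
    if raw[:4] != b"FILE":
        raise ValueError("not a FILE record")
    usa_off, usa_count = struct.unpack_from("<HH", raw, 4)
    usn = raw[usa_off:usa_off + 2]
    rec = bytearray(raw)
    for i in range(1, usa_count):
        end = i * SECTOR_SIZE
        if rec[end - 2:end] != usn:
            raise ValueError("fixup mismatch in sector %d (torn write?)" % (i - 1))
        rec[end - 2:end] = raw[usa_off + 2 * i:usa_off + 2 * i + 2]
    return bytes(rec)

def iter_resident_attributes(rec):
    """Walk the attribute list; only resident attributes carry their content inline."""
    off = struct.unpack_from("<H", rec, 0x14)[0]          # first attribute offset
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == ATTR_END:
            return
        if alen < 0x18 or off + alen > len(rec):
            raise ValueError("corrupt attribute length at 0x%x" % off)
        if rec[off + 8] == 0:                              # non-resident flag clear
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            yield atype, rec[off + coff:off + coff + clen]
        off += alen

def parse_record(raw):
    rec = apply_fixups(raw)
    parsed = {"record_number": struct.unpack_from("<I", rec, 0x2C)[0], "si": None, "fn": []}
    for atype, content in iter_resident_attributes(rec):
        if atype == ATTR_STANDARD_INFORMATION:            # four FILETIMEs at offset 0
            parsed["si"] = dict(zip(TS_NAMES, struct.unpack_from("<4Q", content, 0)))
        elif atype == ATTR_FILE_NAME:                     # parent ref, then four FILETIMEs
            fn = dict(zip(TS_NAMES, struct.unpack_from("<4Q", content, 8)))
            name_len = content[0x40]
            fn["name"] = content[0x42:0x42 + 2 * name_len].decode("utf-16-le")
            parsed["fn"].append(fn)
    return parsed

def timestomp_indicators(parsed):
    """Two common heuristics. Both have false positives (e.g. files copied with
    timestamp-preserving tools): treat hits as leads to confirm in $LogFile/$UsnJrnl."""
    findings = []
    si = parsed["si"]
    if si is None:
        return findings
    for fn in parsed["fn"]:
        # $FN times are written by the kernel when the name is created; user-mode
        # SetFileTime only rewrites $SI, so $SI created older than $FN created is odd.
        if si["created"] < fn["created"]:
            findings.append("%s: $SI created %s predates $FN created %s" % (
                fn["name"], filetime_to_datetime(si["created"]).isoformat(),
                filetime_to_datetime(fn["created"]).isoformat()))
    for name, ft in si.items():
        # Stomping tools often write whole seconds; genuine NTFS timestamps almost
        # always carry a non-zero 100 ns fraction.
        if ft % 10_000_000 == 0:
            findings.append("$SI %s has zero fractional seconds" % name)
    return findings

def build_record(si_times, fn_times, name, record_number=1234, usn=b"\x2a\x00"):
    """Assemble a minimal in-use 1024-byte FILE record (constructed test input)."""
    def attr(atype, content):
        total = (0x18 + len(content) + 7) & ~7
        hdr = struct.pack("<IIBBHHHIHBB", atype, total, 0, 0, 0x18, 0, 0,
                          len(content), 0x18, 0, 0)
        return hdr + content + b"\x00" * (total - 0x18 - len(content))
    si = attr(ATTR_STANDARD_INFORMATION, struct.pack("<4Q", *si_times) + b"\x00" * 40)
    fn_body = struct.pack("<Q4QQQIIBB", (5 << 48) | 5, *fn_times, 0, 0, 0, 0, len(name), 3)
    fn = attr(ATTR_FILE_NAME, fn_body + name.encode("utf-16-le"))
    attrs = si + fn + struct.pack("<I", ATTR_END) + b"\x00" * 4
    hdr = struct.pack("<4sHHQHHHHIIQHHI", b"FILE", 0x30, 3, 0, 1, 1, 0x38, 0x01,
                      0x38 + len(attrs), RECORD_SIZE, 0, 2, 0, record_number)
    rec = bytearray(RECORD_SIZE)
    rec[0:0x30] = hdr
    rec[0x38:0x38 + len(attrs)] = attrs
    rec[0x30:0x32] = usn                                   # USA: USN, then per-sector bytes
    for i in (1, 2):                                       # apply the fixup like the driver
        end = i * SECTOR_SIZE
        rec[0x30 + 2 * i:0x32 + 2 * i] = rec[end - 2:end]
        rec[end - 2:end] = usn
    return bytes(rec)

def demo():
    """Constructed records: a clean file, and the same file with $SI backdated."""
    created = datetime_to_filetime(datetime(2023, 1, 15, 10, 0, 0, 123456, tzinfo=timezone.utc))
    modified = datetime_to_filetime(datetime(2023, 2, 1, 9, 30, 0, 654321, tzinfo=timezone.utc))
    fn_times = (created, created, created, created)
    clean = build_record((created, modified, modified, modified), fn_times, "invoice.pdf")
    backdated = datetime_to_filetime(datetime(2019, 6, 1, tzinfo=timezone.utc))
    stomped = build_record((backdated, backdated, modified, modified), fn_times, "invoice.pdf")
    return timestomp_indicators(parse_record(clean)), timestomp_indicators(parse_record(stomped))

if __name__ == "__main__":
    for label, hits in zip(("clean", "stomped"), demo()):
        print(label, hits or "no indicators")
```

On a real $MFT you would slice the file into 1024-byte records and feed each to `parse_record`; records with a non-FILE signature or a fixup mismatch should be logged rather than skipped silently, since a torn write is itself worth noting. The $SI-before-$FN rule only holds as long as $FN has not been refreshed by a rename or a cross-volume move, which is exactly the set of operations the time-rule tests above enumerate, so read hits against those rules before calling anything stomped.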
www.datajazzdave.com
Find the actual code on my github HERE. NOTE: I believe the double response has to do with my use of nbdev, which is how this documentation from a Jupyter notebook looks more clear.