Introduction to MFTECmd - NTFS MFT and Journal Forensics
17.8K views
3 years ago
This is a long overdue follow-up to "NTFS Journal Forensics" from 2019. We'll take an in-depth look at both NTFS file system journals ($UsnJrnl and $LogFile) and at how to parse the $MFT and $UsnJrnl with Eric Zimmerman's MFTECmd. Then, we'll analyze the results with Timeline Explorer.
** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
📖 Chapters
00:00 - Intro
06:00 - Using KAPE to Acquire NTFS $MFT and Journals
10:33 - Using MFTECmd
13:00 - Using Timeline Explorer to Analyze the Results
20:36 - Recap
🛠 Resources
NTFS Journal Forensics:
NTFS Journal Forensics
MFTECmd:
https://ericzimmerman.github.io/#!ind...
AboutDFIR's MFTECmd Guide:
https://aboutdfir.com/toolsandartifac...
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Published on 1400/03/03 (Solar Hijri calendar).
17,806 views