Hello, guys! I would like to ask the following question: What are the problems and challenges forensics experts face with the NTFS file system?
Thank you!
Problems? I think a lot of problems are misunderstandings of MACB times, but this is for all filesystem types. Especially when trying to forensically investigate files being transferred to or from a machine via USB.
If you want to be a true forensicator you need to know MACB times like the back of your hand. Timeline analysis is useless if you don't understand MACB.
Also, I would advise Mastering The Shim!
Oh man, where to start, but I would probably go with understanding how the Journal File actually works and understanding what is taking place with the file as it is being recorded. I've seen people just flat out guess what they think it's doing.