Notifications
Clear all

Forensics Experts challenges  

  RSS
mhibert
(@mhibert)
New Member

Hello, guys! I would like to ask the following question What are the problems and challenges forensics experts face with NTFS files system.

Thank you!

Quote
Posted : 19/11/2017 6:09 pm
MasterOfTheShim
(@masteroftheshim)
New Member

Problems? I think a lot of problems are misunderstanding of MACB times but this is for all filesystems types. Especially when trying to forensically investigate files being transferred to or from a machine via usb.
If you want to be a true forensicator you need to know MACB times like the back of your hand. Timeline analysis is useless if you don't understand MACB.

Also I would advise Mastering The Shim! )

ReplyQuote
Posted : 06/02/2018 11:43 pm
Randy_Randerson
(@randy_randerson)
New Member

Hello, guys! I would like to ask the following question What are the problems and challenges forensics experts face with NTFS files system.

Thank you!

Oh man where to start, but I would probably go with understanding how the Journal File actually works and understanding what is taking place with the file as it is being recorded. I've seen people just flat out guess what they think its doing.

ReplyQuote
Posted : 07/02/2018 2:01 am
Share: