Forensics Experts c...
 
Notifications
Clear all

Forensics Experts challenges

3 Posts
3 Users
0 Likes
536 Views
(@mhibert)
Posts: 12
Active Member
Topic starter
 

Hello, guys! I would like to ask the following question What are the problems and challenges forensics experts face with NTFS files system.

Thank you!

 
Posted : 19/11/2017 6:09 pm
(@masteroftheshim)
Posts: 1
New Member
 

Problems? I think a lot of problems are misunderstanding of MACB times but this is for all filesystems types. Especially when trying to forensically investigate files being transferred to or from a machine via usb.
If you want to be a true forensicator you need to know MACB times like the back of your hand. Timeline analysis is useless if you don't understand MACB.

Also I would advise Mastering The Shim! )

 
Posted : 06/02/2018 11:43 pm
(@randy_randerson)
Posts: 24
Eminent Member
 

Hello, guys! I would like to ask the following question What are the problems and challenges forensics experts face with NTFS files system.

Thank you!

Oh man where to start, but I would probably go with understanding how the Journal File actually works and understanding what is taking place with the file as it is being recorded. I've seen people just flat out guess what they think its doing.

 
Posted : 07/02/2018 2:01 am
Share: