As far as I know, $LogFile is the NTFS log, which is used to ensure that operations complete properly. Can we get something useful from $LogFile? Such as which operation has been executed, and when?
You should be able to see if the volume was shut down normally or not, for example.
If you can associate any of the operations in the file with file system objects (thus, associating the operation with a time), you may be able to deduce the time of other operations in between. Also, you may be able to see a difference between files that have been timestomped, and files that have had a 'normal' life.
Perhaps.
Added: The WinHex Forensics feature page mentions a viewer for this file …
Some recent related news
http//
(nothing out yet, but promising)
jaclaz
Hey Jaclaz
Check out the tweets for David Cowen (@HECFBlog) - he posted a couple weeks back that the beta is available to anyone who wants it, just send him a direct message.
I have the beta and briefly tested and it produces some good content. I think you may find it useful.
Hey Jaclaz
Check out the tweets for David Cowen (@HECFBlog) - he posted a couple weeks back that the beta is available to anyone who wants it, just send him a direct message.
I have the beta and briefly tested and it produces some good content. I think you may find it useful.
Good, and thanks for the hint, but I won't disturb the Author for something I don't really-really need (NOW). I guess that when he is ready for it he will release it publicly, but it could be a very good option for the OP.
jaclaz
Hey Jaclaz
Check out the tweets for David Cowen (@HECFBlog) - he posted a couple weeks back that the beta is available to anyone who wants it, just send him a direct message.
I have the beta and briefly tested and it produces some good content. I think you may find it useful.
Hi Pbobby, can you e-mail the beta version of this software to me? I am very interested in it, but I can't contact David Cowen due to the internet policy in our country. Thank you.