FTK 3.4 and Unix Filesystem

General (Technical, Procedural, Software, Hardware etc.)

Last Post by wmatson 14 years ago

1 Posts

1 Users

0 Reactions

502 Views

RSS

wmatson

(@wmatson)

Active Member

Joined: 16 years ago

Posts: 8

Topic starter 09/11/2011 4:59 am

Hi All,

Forensicating a Unix system at the moment. Using FTK 3.4 – it displays the following time stamp columns Created, Accessed, Modified. I know there is no Created time stamp for Unix – instead there should be an Inode Changed. I know how to add different column settings, however there are only Unix security feature settings – no time stamp options. Are there additional "plugins" I can download or is Created actually = Inode Changed??

Any documentation on this would be above, beyond and appreciated.

Thanks

Quote

Android Forensics

I have conducted a logical and partial extraction of a ...

By SgtAndroid , 2 days ago
Article: The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

Can digital forensic labs cut backlogs without cutting ...

By Zoe , 3 days ago
Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 3 days ago

8 Forums
15.7 K Topics
92.3 K Posts
184 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed