$MFT analysis

Brian Carrier's book, "File System Forensic Analysis"

Thanks keydet89, I'm looking more for an on-line white paper which I can read now.

Sammes and Jenkinson's book "Forensic Computing A Practitioner's Guide" has a very useful chapter on this and is available on Google Books.

It also has worked examples you can follow which I personally found really useful

HTH

Ben

When I searched Google
http//www.google.com/search?q=mft+forensic+analysis&ie=utf-8&oe=utf-8&aq=t&rls=org.mozillaen-USofficial&client=firefox-a

I found several blogs and sites. Where is my data has a nice brief
http//whereismydata.wordpress.com/2009/06/05/forensics-what-is-the-mft/

Also might want to check the Advanced Google searches. Pretty cool because you can do a global search for file types
MFT forensic PDF search

And there you will find several papers on MFT analysis.

Do take the time in the future to read, re-read and read some more Brians book on NTFS and MTF. It is stuff that you really want to understand by heart.

Thanks keydet89, I'm looking more for an on-line white paper which I can read now.

Buy it on the Kindle. You can get a Kindle App for pretty much every platform these days including a PC.

Thanks Chaps. Job done.