
Understanding MAC Dates in Malware case

(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Happening now and related to this: Kristinn Gudjonsson's presentation on log2timeline gets into the MFT.

http://www.livestream.com/sansinstitute

If you miss it, it will be up later, I think.


   
(@bdmeyer)
Eminent Member
Joined: 15 years ago
Posts: 36
Topic starter  

I am updating this. I posted on the AccessData forum about how to do this in FTK 3.x. I thought I would have to mount the case drive and run the Perl script against it. I was hoping it wouldn't be so cumbersome, and it wasn't!

The info is available just by looking at the properties tab, 'but only when the SIA and FNA dates differ.' I had confirmed the actual dates via separate methods as per all the fine recommendations people shared with me here in reply to my original post. I learned a lot from the various respondents and thank all of you who provided constructive comments.

Here is the thread at AccessData. No scripts needed to view a slew of date info on a file.
http://forums.accessdata.com/viewtopic.php?f=27&t=3760&p=13219#p13219
Thanks again, everyone. I learned quite a bit this week from your helpful (and FAST!) replies.

–Bruce D. Meyer


   