Interpretation of NTFS Timestamps

12th May 20206th April 2013

Introduction

File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional … Read more

Standard Units in Digital Forensics

12th May 202023rd July 2011

by Dr Chris Hargreaves
Lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK.

One of the earliest lectures in the MIT Openware programme in Physics begins with the lecture “Units and Dimensional Analysis”. Units of measurement

EnCase file copying and Windows Short File Names

12th May 202019th July 2011

First published May 2010

By Lee Hui Jing, EnCe

Edited by Sarah Khadijah Taylor

ABSTRACT

A couple of months ago, one of my clients, an Investigating Officer from a Law Enforcement Agency, had requested me to extract some of the

Linux for computer forensic investigators: «pitfalls» of mounting file systems

12th May 202017th July 2011

First published October 2009

by Suhanov Maxim
ITDefence.Ru

Introduction

Forensic Linux distribution is a customized Linux distribution that is commonly used to complete different tasks during computer forensics investigations. These distributions are often used to complete the following tasks:

–