Interpretation of NTFS Timestamps


File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional …

Standard Units in Digital Forensics

by Dr Chris Hargreaves
Lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK.

One of the earliest lectures in the MIT Openware programme in Physics begins with the lecture “Units and Dimensional Analysis”. Units of measurement

EnCase file copying and Windows Short File Names

First published May 2010

By Lee Hui Jing, EnCe

Edited by Sarah Khadijah Taylor


A couple of months ago, one of my clients, an Investigating Officer from a Law Enforcement Agency, had requested me to extract some of the
