Jump to content
Kwelwild

Ntfs Triforce Or Anti Anti Forensics By David Cowen And Matt Seyer

By Kwelwild, in Tutoriale video

Recommended Posts

Kwelwild Newbie

Kwelwild

Posted
Posted



Description: It still amazes me that after all this time there is still more to learn about NTFS. Over the past year or so David has been working on a tool to exploit the $LOGFILE and $USNJRNL on NTFS. These can provide us with a significant amount of historical information on file system activity, including identifying file movements and changes. In this presentation David also demonstrated the triforce tool, the amount of information it recovers is quite astounding. This is something that will change they way you do forensics forever, whether you are doing malware, intrusion or LE investigations.

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Original Source:

Sursa: Ntfs Triforce Or Anti Anti Forensics By David Cowen And Matt Seyer

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...