Week 46 – 2018

FORENSIC ANALYSIS
Hideaki Ihara at the Port 139 blog shows the File ID on ReFS. Examining this ID may be useful in identifying timestomping.
ReFS and File ID
Marcus Thompson at Professor Bike demonstrates various issues he has come up against whilst parsing MFT records.
Applying the Precision Testing Methodology to the Master File Table […]

Week 45 – 2018

FORENSIC ANALYSIS
Hideaki Ihara at the Port 139 blog looks at the USN Journal on ReFS, which can be queried but FTK Imager doesn’t seem to parse the file system, and he was unsuccessful with carving for USN records.
Refs and USN Journal
Further research indicated that USN_RECORD_V3 is used on ReFS.
Refs and USN […]

Week 44 – 2018

Paul Sanderson advised that Sanderson Forensics is closed until further notice due to family health concerns. Sending well wishes and hopefully, everything gets better soon.
FORENSIC ANALYSIS
Hideaki Ihara at the Port 139 blog takes a look at the “Audit PNP Activity” event logging with regards to USB device connection.
Audit PNP Activity and ID […]

This Month In 4n6 – October – 2018

A monthly wrap-up of the DFIR news for October 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. Alternatively, it would be great if you could leave an iTunes review. If you are a Patreon donor the show notes can be found here. Special thanks to […]

Week 43 – 2018

Links only this week. Sorry! I assure you I have a good excuse 🙂
FORENSIC ANALYSIS
Dave Cowen
Daily Blog #513: solution Saturday 10/20/18
Daily Blog #514: Sunday Funday 10/21/18
Daily Blog #515: Asking for your input regarding future testing
Daily Blog #516: Forensic Lunch Test Kitchen 10/23/18
Daily Blog #517: Forensic Lunch Test Kitchen […]

Week 42 – 2018

FORENSIC ANALYSIS
Hideaki Ihara at the Port 139 blog looks at file system tunnelling on the C drive.
File System Tunneling and C:\
Adam Harrison at 1234n6 has written a post on Windows execution artefacts across a variety of desktop and server versions of Windows, and subsequently also (is going to be the winning, yes […]

Week 41 – 2018

Early post this week, just in case I didn’t have time to finish it tomorrow.
FORENSIC ANALYSIS
Hideaki Ihara at the Port 139 blog looks at the effects of file system tunnelling on the USN journal.
File System Tunneling and E:\
Faisal AM Qureshi at ‘Deriving Cyber Threat Intelligence and Threat Hunting’ demonstrates how […]