Digital Forensic Survival Podcast: DFSP # 015

Digital Forensic Survival Podcast

2024
April
March
February
January

2023
December
November
October
September
August
July
June
May
April
March
February
January

2022
December
November
October
September
August
July
June
May
April
March
February
January

2021
December
November
October
September
August
July
June
May
April
March
February
January

2020
December
November
October
September
August
July
June
May
April
March
February
January

2019
December
November
October
September
August
July
June
May
April
March
February
January

2018
December
November
October
September
August
July
June
May
April
March
February
January

2017
December
November
October
September
August
July
June
May
April
March
February
January

2016
December
November
October
September
August
July
June
May
April
March
February

Now displaying: Page 1

DFSP # 015 - $UsnJrnl File 0

May 31, 2016

The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.

Download this Episode

0 Comments

Adding comments is not available at this time.