Digital Forensic Survival Podcast
DFSP # 015 - $UsnJrnl File
- Author: Various
- Narrator: Various
- Publisher: Podcast
- Duration: 0:13:39
Information:
Synopsis
The $UsnJrnl is an artifact that logs certain changes to files on NTFS volumes. It is a great source of timeline information for malware/IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping), as well as an additional source of file use and knowledge evidence for disk forensics.