Thursday, March 31, 2011

Timeline analysis on Pauldotcom

Awesome tech segment on MFT timeline analysis from the Pauldotcom guys.

The tech segment explains how to perform a timeline analysis with open-source tools and how to spot anti-forensics techniques like timestamp manipulation.

More information on timestamp manipulation can be found in the Sans Computer Forensics Blog, which I already commented on in this post.

The original blog post on the Sans Computer Forensics Blog talks about a tool called mft_parser_cl, created by Mark McKinnon, that has been released for this tech segment. It is really helpful for spotting timestamp manipulation, because it is able to pull $FILE_NAME timestamps and put them into bodyfile format so they can be added to the overall timeline for analysis.
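As an added example (not code from the blog post, the tech segment or mft_parser_cl), the Python below reads $STANDARD_INFORMATION and $FILE_NAME rows from a TSK-style bodyfile and flags files whose $SI times predate the $FILE_NAME creation time, which is the usual sign that only $SI was rewritten. The " ($FILE_NAME)" name suffix and the sample rows are assumptions constructed for the example.

```python
"""Added example (not from the blog post or mft_parser_cl): compare
$STANDARD_INFORMATION and $FILE_NAME timestamps taken from a bodyfile."""
from collections import defaultdict

# Constructed sample bodyfile lines (TSK 3.x format:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime, epoch seconds).
# Assumed convention: $FILE_NAME rows carry a " ($FILE_NAME)" suffix on the
# name; the other row for the same inode holds $STANDARD_INFORMATION times.
SAMPLE_BODYFILE = """\
0|C:/Windows/System32/calc.exe|1234|r/rrwxrwxrwx|0|0|776192|1247539000|1247539000|1247539000|1247539000
0|C:/Windows/System32/calc.exe ($FILE_NAME)|1234|r/rrwxrwxrwx|0|0|776192|1247539000|1247539000|1247539000|1247539000
0|C:/Users/bob/evil.exe|5678|r/rrwxrwxrwx|0|0|40960|1247539000|1247539000|1301500000|1247539000
0|C:/Users/bob/evil.exe ($FILE_NAME)|5678|r/rrwxrwxrwx|0|0|40960|1301500000|1301500000|1301500000|1301500000
"""

FN_TAG = " ($FILE_NAME)"  # assumed marker for $FILE_NAME rows

def parse_bodyfile(text):
    """Group rows by inode: {inode: {"SI": {...}, "FN": {...}}}."""
    files = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        name, inode = f[1], f[2]
        times = {"atime": int(f[7]), "mtime": int(f[8]),
                 "ctime": int(f[9]), "crtime": int(f[10])}
        key = "FN" if name.endswith(FN_TAG) else "SI"
        files[inode][key] = {"name": name.replace(FN_TAG, ""), **times}
    return files

def find_timestomp_candidates(files):
    """Flag files whose $SI creation or modification time is earlier than
    the $FILE_NAME creation time. Timestomping tools normally rewrite only
    $STANDARD_INFORMATION, so an $SI time older than the $FN creation time
    is a strong indicator that the $SI timestamps were manipulated."""
    hits = []
    for inode, attrs in files.items():
        if "SI" not in attrs or "FN" not in attrs:
            continue
        si, fn = attrs["SI"], attrs["FN"]
        if si["crtime"] < fn["crtime"] or si["mtime"] < fn["crtime"]:
            hits.append((si["name"], inode, si["crtime"], fn["crtime"]))
    return hits

if __name__ == "__main__":
    for name, inode, si_cr, fn_cr in find_timestomp_candidates(parse_bodyfile(SAMPLE_BODYFILE)):
        print(f"suspect: {name} (inode {inode}) $SI crtime {si_cr} < $FN crtime {fn_cr}")
```

Treat a hit as a lead rather than proof: copying or moving a file can also leave an $SI modification time older than the $FILE_NAME creation time, so corroborate with the rest of the timeline.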
