
Overview the Core Components of NTFS File System
The $MFT, $J, $LogFile, $T, and $I30 are all important components of the NTFS (New Technology File System) file system used in Windows...
Mar 22, 2024 | 3 min read


Understanding, Collecting, Parsing the $I30
Updated on Feb 17, 2025. Introduction: In the intricate world of digital forensics, every byte of data tells a story. Within the NTFS file...
Mar 21, 2024 | 3 min read


Understanding, Collecting, Parsing, Analyzing the $MFT
Updated on 18 Feb, 2025. Master File Table ($MFT): The MFT is a database that stores information about every file and directory on an NTFS...
Mar 20, 2024 | 2 min read


Making Sense of $UsnJrnl and $LogFile : Why Journal Analysis is a Game Changer
Updated 18 Feb, 2025. Now that we’ve got a solid grasp on how $UsnJrnl and $LogFile work, let’s dive into how we can actually use them for...
Mar 18, 2024 | 4 min read


Understanding the $UsnJrnl, $J and How to Parse and analyze It
Updated on 18 Feb, 2025. If you're digging into NTFS file system changes, the $UsnJrnl (Update Sequence Number Journal) is one of the best...
Mar 16, 2024 | 4 min read


Understanding NTFS Journaling ($LogFile and $UsnJrnl) : A Goldmine for Investigators
Updated 18 Feb, 2025. Ever wonder how your computer keeps track of all the changes happening to files and folders? That’s where NTFS...
Mar 15, 2024 | 5 min read


The Truth About Changing File Timestamps: Legitimate Uses and Anti-Forensics: Timestomping
Changing a file’s timestamp might sound shady, but there are actually some valid reasons to do it. At the same time, cybercriminals have...
Mar 14, 2024 | 4 min read


NTFS: Metadata with The Sleuth Kit(istat)
In the realm of digital forensics, dissecting the intricacies of file systems is essential for uncovering valuable evidence and insights....
Mar 13, 2024 | 3 min read


Understanding NTFS Metadata(Entries) and How It Can Help in Investigations
When dealing with NTFS (New Technology File System), one of the most crucial components to understand is the Master File Table (MFT)....
Mar 12, 2024 | 3 min read


Understanding NTFS File System Metadata and System Files
File systems store almost all data in files, but certain special files, collectively known as metadata structures, store essential...
Mar 11, 2024 | 2 min read


NTFS: More Than Just a Filesystem
Updated on 17 Feb, 2025. When it comes to filesystems, NTFS (New Technology File System) is like the Swiss Army knife of Windows storage....
Mar 10, 2024 | 4 min read


Mastering Timeline Analysis: A Practical Guide for Digital Forensics: (Log2timeline)
Introduction: Timeline analysis is a cornerstone of digital forensics, allowing investigators to reconstruct events leading up to and...
Mar 7, 2024 | 3 min read


A Deep Dive into Plaso/Log2Timeline Forensic Tools
Plaso is the Python-based backend engine powering log2timeline, while log2timeline is the tool we use to extract timestamps and forensic...
Mar 6, 2024 | 5 min read


Understanding Filesystem Timestamps: A Practical Guide for Investigators
In the digital forensics world, understanding how timestamps work is crucial. Modern operating systems, with their complexity, make...
Mar 5, 2024 | 3 min read


Understanding NTFS Timestamps(Timeline Analysis) : With Example
Let's understand with an example. We have created a table to understand NTFS operations. 1. Create Operation: When a file is created, according...
Mar 4, 2024 | 1 min read


Understanding Filesystem Timelines in Digital Forensics
Updated on 17 Feb, 2025. When it comes to digital forensics, one of the most valuable tools in an investigator’s arsenal is the filesystem...
Mar 3, 2024 | 3 min read


Mastering Timeline Analysis: Unraveling Digital Events with Forensic Precision
Tracking down malicious activity in a digital environment can feel overwhelming. Modern systems generate an endless stream of logs,...
Mar 2, 2024 | 3 min read


Overview of the differences between various forensic artifacts:
LNK (Shortcut) Files: LNK files are Windows shortcut files that contain metadata about the file or program they link to. They can reveal...
Mar 1, 2024 | 2 min read


Uncovering Deleted Items and File Existence in Digital Forensics.
When investigating digital forensics cases, confirming which files were deleted or previously existed is crucial. Whether tracking user...
Feb 22, 2024 | 2 min read


Comprehensive Guide to Identifying File and Folder Access in Digital Forensics
When investigating digital forensics cases, confirming which files and folders have been opened or accessed is crucial. Whether tracking...
Feb 20, 2024 | 2 min read