Загрузка страницы
Все видеоНовые видеоПопулярные видеоКатегории видео

Anatomy of an NTFS FILE Record - Windows File System Forensics

In this episode, we'll talk about the structure and composition of an NTFS FILE record. Then, we'll take a look at a sample record for a resident file and learn how to manually extract the important attributes.

*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***

📖 Chapters

00:00 - Intro
02:08 - Analysis

🛠 Resources

Anatomy of an NTFS File Record (Cheat Sheet):
https://drive.google.com/file/d/1UBOu2BXeBz7R6dzjUG2wo-xZrZO82HPg/view?usp=share_link

Everything I know about NTFS (primary reference for this episode):
https://kcall.co.uk/ntfs/

010 Editor:
https://www.sweetscape.com/010editor/

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics

Видео Anatomy of an NTFS FILE Record - Windows File System Forensics канала 13Cubed
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
13 июня 2022 г. 17:09:02
00:11:45
13Cubed
Теги
Правообладателям
Жалоба
Комментарии
Другие видео канала
An Important Change to ShellBags - Windows 11 2023 Update!An Important Change to ShellBags - Windows 11 2023 Update!VMware Memory Forensics - Don't Miss This Important Detail!VMware Memory Forensics - Don't Miss This Important Detail!Investigating Windows Memory Is Here!Investigating Windows Memory Is Here!Old School MS-DOS Commands for DFIROld School MS-DOS Commands for DFIRDetecting PsExec UsageDetecting PsExec UsageA File's Life - File Deletion and RecoveryA File's Life - File Deletion and RecoveryTwo Thumbs Up - Thumbnail ForensicsTwo Thumbs Up - Thumbnail ForensicsInterview with Lesley Carhart (hacks4pancakes)Interview with Lesley Carhart (hacks4pancakes)It's About Time - Timestamp Changes in Windows 11It's About Time - Timestamp Changes in Windows 11Digital Forensics Training You Can Actually Afford!Digital Forensics Training You Can Actually Afford!EZ Tools Manuals Interview with Andrew RathbunEZ Tools Manuals Interview with Andrew RathbunA New Program Execution Artifact - Windows 11 22H2 Update!A New Program Execution Artifact - Windows 11 22H2 Update!The Dissect Effect - An Open Source IR FrameworkThe Dissect Effect - An Open Source IR FrameworkLet's Talk About MUICacheLet's Talk About MUICacheHow Many Timestamps??? #ShortsHow Many Timestamps??? #ShortsImpacket Impediments - Finding Evil in Event LogsImpacket Impediments - Finding Evil in Event LogsWhat's on My DFIR Box?What's on My DFIR Box?The Case of the Disappearing Scheduled TaskThe Case of the Disappearing Scheduled TaskWindows Hibernation Files - A Look Back in TimeWindows Hibernation Files - A Look Back in TimeLet's Talk About NTFS Index AttributesLet's Talk About NTFS Index Attributes
Статистика портала
Яндекс.Метрика
© 2008-2024 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения
salda.ws salda.ws@mail.ru
Сейчас на сайте: 512 Статистика портала