PaulDotCom mailing list archives
Followup on NTFS Forensics Tech Segment
From: Bugbear <gbugbear () gmail com>
Date: Mon, 1 Aug 2011 16:24:52 -0400
Hello All,

I put up a quick followup to my tech segment on EP 236 <http://pauldotcom.com/wiki/index.php/Episode236#Special_Guest_Tech_Segment:_Tim_Mugherini_presents_NTFS_MFT_Timelines_and_malware_analysis> on NTFS MFT Analysis. The followup is on parsing the NTFS $UsnJrnl during malware analysis and can be found here: http://securitybraindump.blogspot.com/2011/07/dear-diary-today-i-was-infected-with.html

Don't hesitate to point out errors. Hope someone finds it useful.

For those of you in or heading to Vegas, don't do anything I wouldn't do (which means anything goes).

Tim
@bug_bear