2 thoughts on “Digital Forensics – NTFS INDX and Journaling

  1. Tecko says:

    Hi guys,

    You are talking about Logfile and you are analyzing UsnJournal. I think they are confusion about the outcome.

    Like

    • Luis Rocha says:

      Hello Tecko, In this particular case I extracted the $LogFile and used LogFileParser from Joakim Schicht to parse it and extract all the metadata.
      This tool is able to reconstruct the metadata about the transaction logs including metadata from the $INDX records.
      On the other hand the $UsnJrnl artifact that resides in %SYSTEMDRIVE%\$Extend\$UsnJrnl would be a different artifact, also valuable, and you could use https://github.com/PoorBillionaire/USN-Journal-Parser to parse it.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

gb_master's /dev/null

... and I said, "Hello, Satan. I believe it's time to go."

Source Code Auditing, Reversing, Web Security

Finding Hidden codes in the software

BruteForce Lab

security, programming, devops, visualization, the cloud

Count Upon Security

Increase security awareness. Promote, reinforce and learn security skills.

Naked Security

Computer Security News, Advice and Research

Didier Stevens

(blog \'DidierStevens)

malwology

Adventures in double-clicking malware / by Anuj Soni

Rational Survivability

Hoff's Ramblings about Information Survivability, Information Centricity, Risk Management and Disruptive Innovation.

SANS Internet Storm Center, InfoCON: green

Increase security awareness. Promote, reinforce and learn security skills.

TaoSecurity

Increase security awareness. Promote, reinforce and learn security skills.

Schneier on Security

Increase security awareness. Promote, reinforce and learn security skills.

Technicalinfo.net Blog

Increase security awareness. Promote, reinforce and learn security skills.

Lenny Zeltser

Increase security awareness. Promote, reinforce and learn security skills.

Krebs on Security

In-depth security news and investigation

%d bloggers like this: