EnScripts - USNJrnl.enscript
As I have mentioned previously one of the things I want to learn to make me a better Forensic Analyst is Python. Mainly because Kev can’t complete a sentence at work without
Recent posts
New Home For My Blog
Just a quick blog post for the reasoning behind moving my blog. There were several reasons for the move, the main one being the relocation to the techanarchy.net domain. The techanarchy blog
Timestamp Anomalies - $MFT
Going through my SANS 508 material I decided to have a closer look at some of the material on the Master File Table ($MFT) in the NTFS file system and how the analysis
Decoding NanoCore Rat
Extracting and decrypting the config block from NanoCore malware
Timeline Creation - Part 2 (Super Timeline)
As promised in my previous blog post I would be moving on to create a Super Timeline and my reasons for carrying this out after the filesystem timeline is purely down to the
Timeline Creation - Part 1 (Filesystem Timeline)
As I mentioned previously I am currently studying for my GCFA (GIAC Certified Forensic Analyst) exam and as part of my revision I am completing the exercises in the workbook. One area I