chip_dfir

A collection of 17 posts

Setting Up My Forensic Lab

I have finally bowed to the pressure of my good friend Kev and now have a server! I must point out that it is his old server and through his immense generosity now

EnScripts – GUI USNJrnl.enscript

Those of you who are following my blog will remember that in my last EnScript blog post I created a UsnJrnl EnScript and I promised I would add a Graphical User Interface (GUI)

EnScripts - USNJrnl.enscript

As I have mentioned previously one of the things I want to learn to make me a better Forensic Analyst is Python. Mainly because Kev can’t complete a sentence at work without

New Home For My Blog

Just a quick blog post for the reasoning behind moving my blog. There were several reasons for the move, the main one being the relocation to the techanarchy.net domain. The techanarchy blog

Timestamp Anomalies - $MFT

Going through my SANS 508 material I decided to have a closer look at some of the material on the Master File Table ($MFT) in the NTFS file system and how the analysis