Hello Reader,
With another presentation done, here are my slides from PFIC, where I again presented on Anti Anti Forensics. This is a similar presentation to the one I gave at BSides DFW, but with more detail on the actual structure of $logfile records and additional information.
Slides can be found here: Slides
We are getting close to the official release of ANJP (Advanced NTFS Journal Parser) while we write up the official blog post for the SANS blog. Until then, if you would like a copy of the free version 1 tool, please email me at dcowen@g-cpartners.com so I can get you going. Our goal is to get the community access to our research as quickly as possible!
I'm looking for conferences where I can spread the good word on journaled file system forensics next year, so if you are looking for advanced content, please let me know!
David, thanks for sharing these. I posted my slides via my blog this morning.
Hello,
Have you released this tool yet? Advanced NTFS Journal Parser
Thanks
Robert