Hello Reader,
Today we come close to a conclusion on our exploration of ObjectIDs within the MFT. We went in and both extracted MFT attributes with pytsk as well as ran/validated the same information with mftecmd to determine why we had duplicate objectids in our file system.
We learned that:
Today we come close to a conclusion on our exploration of ObjectIDs within the MFT. We went in and both extracted MFT attributes with pytsk as well as ran/validated the same information with mftecmd to determine why we had duplicate objectids in our file system.
We learned that:
- Duplicate ObjectIDs appear to happen in hard links to the same file
- Every Duplicate ObjectID that we tested had the same file entry and sequence number meaning it was the same file
- Python has a cool function called dir() which will show you all of the available methods that an object has
You can watch the video here:
.png)
Post a Comment