Daily Blog #496: Forensic Lunch Test Kitchen 10/3/18
Hello Reader,
Today we come close to a conclusion on our exploration of ObjectIDs within the MFT. We extracted MFT attributes with pytsk and validated the same information with MFTECmd to determine why we had duplicate ObjectIDs in our file system.
We learned that:
- Duplicate ObjectIDs appear to happen in hard links to the same file
- Every duplicate ObjectID that we tested had the same file entry and sequence number, meaning it was the same file
- Python has a cool function called dir() which lists the attributes and methods available on an object
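
The check behind the first two findings can be scripted. The following is an added example, not code from the video or from pytsk/MFTECmd: it groups per-file-name rows by ObjectID and separates duplicates that share one file entry and sequence number (hard links) from duplicates that span different MFT records. The column names and sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per file name. Column names are hypothetical,
# not the export format of any real tool.
SAMPLE_CSV = r"""object_id,entry,sequence,path
6f1c2a9e-0000-4000-8000-000000000001,1042,3,\Users\a\report.docx
6f1c2a9e-0000-4000-8000-000000000001,1042,3,\Archive\report-link.docx
6f1c2a9e-0000-4000-8000-000000000002,2210,1,\Users\a\notes.txt
,2500,2,\Users\a\no-object-id.txt
6f1c2a9e-0000-4000-8000-000000000003,3301,7,\Temp\x.bin
6f1c2a9e-0000-4000-8000-000000000003,3302,1,\Temp\y.bin
"""


def classify_duplicates(csv_text):
    """Report every ObjectID that occurs on more than one row.

    Returns {object_id: (verdict, sorted paths)} where verdict is
    "hard_link" when all rows share one (entry, sequence) pair, i.e. one
    file with several names, and "conflict" when the ID spans different
    MFT records and needs a closer look.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        oid = row["object_id"].strip().lower()
        if not oid:  # skip files that have no ObjectID
            continue
        ref = (int(row["entry"]), int(row["sequence"]))
        groups[oid].append((ref, row["path"]))

    result = {}
    for oid, rows in groups.items():
        if len(rows) < 2:
            continue
        refs = {ref for ref, _ in rows}
        verdict = "hard_link" if len(refs) == 1 else "conflict"
        result[oid] = (verdict, sorted(path for _, path in rows))
    return result


if __name__ == "__main__":
    for oid, (verdict, paths) in classify_duplicates(SAMPLE_CSV).items():
        print(oid, verdict, paths)
```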
You can watch the video here:
Reviewed by David Cowen on October 03, 2018