Top Ad unit 728 × 90

Latest News


Daily Blog #496: Forensic Lunch Test Kitchen 10/3/18

Hello Reader,
      Today we come close to a conclusion on our exploration of ObjectIDs within the MFT. We went in and both extracted MFT attributes with pytsk as well as ran/validated the same information with mftecmd to determine why we had duplicate objectids in our file system.

We learned that:

  • Duplicate ObjectIDs appear to happen in hard links to the same file
  • Every Duplicate ObjectID that we tested had the same file entry and sequence number meaning it was the same file
  • Python has a cool function called dir() which will show you all of the available methods that an object has
You can watch the video here:

Daily Blog #496: Forensic Lunch Test Kitchen 10/3/18 Reviewed by David Cowen on October 03, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.