12.07.2013

log2timeline Since 2009 - SANS

SANS 2011 Digital Forensics and Incident Response Summit

Other methods

Sequential MFT entry number allocation
Malware often hides inside Windows\System32
Patches update several files
Malware introduces few changes

What l2t_process does to detect manipulations

$MFT module includes notes if entries are suspicious
The -i (include) option includes suspicious entries outside the date range
Maps the relationship between MFT entry nr. and creation time
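An added example, not code from log2timeline or from the SANS deck, of the heuristic the last three bullets describe: because MFT entries are allocated roughly sequentially, a file whose $STANDARD_INFORMATION creation time is far earlier than that of its entry-number neighbours is noted as suspicious, and an "-i"-style switch keeps such entries in the timeline even when their claimed time lies outside the requested date range. The sample records, the one-hour slack, the two-entry window and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median_low

# Constructed sample: (MFT entry number, $STANDARD_INFORMATION creation time).
# Entries 1200-1206 were allocated in one burst; 1203 claims a creation time
# a year earlier than its neighbours, the pattern that timestomping leaves.
SAMPLE = [
    (1200, datetime(2011, 3, 2, 10, 0, 5)),
    (1201, datetime(2011, 3, 2, 10, 0, 6)),
    (1202, datetime(2011, 3, 2, 10, 0, 6)),
    (1203, datetime(2010, 1, 15, 8, 30, 0)),   # backdated
    (1204, datetime(2011, 3, 2, 10, 0, 7)),
    (1205, datetime(2011, 3, 2, 10, 0, 9)),
    (1206, datetime(2011, 3, 2, 10, 0, 9)),
]


def flag_suspicious(records, window=2, slack=timedelta(hours=1)):
    """Entry numbers whose creation time is earlier, by more than `slack`,
    than the median creation time of the `window` entries on either side.

    Heuristic only: entry numbers are reused after deletion, so a hit is a
    note for the analyst (as in the $MFT module), not proof of tampering."""
    ordered = sorted(records)                 # by entry number
    flagged = []
    for i, (entry, ctime) in enumerate(ordered):
        neighbours = ordered[max(0, i - window):i] + ordered[i + 1:i + 1 + window]
        if not neighbours:
            continue
        # median_low returns an actual neighbour time (datetimes cannot be averaged)
        reference = median_low(t for _, t in neighbours)
        if reference - ctime > slack:
            flagged.append(entry)
    return flagged


def select_for_timeline(records, start, end, include_suspicious=False):
    """Entries whose creation time falls in [start, end]; with
    include_suspicious (the -i behaviour), flagged entries are kept even when
    their claimed creation time lies outside the range."""
    suspicious = set(flag_suspicious(records)) if include_suspicious else set()
    return [entry for entry, ctime in records
            if start <= ctime <= end or entry in suspicious]


if __name__ == "__main__":
    print("suspicious:", flag_suspicious(SAMPLE))
    day = (datetime(2011, 3, 1), datetime(2011, 3, 3))
    print("without -i:", select_for_timeline(SAMPLE, *day))
    print("with    -i:", select_for_timeline(SAMPLE, *day, include_suspicious=True))
```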
