Last Chance: MacBook Air, Dell XPS 13 or $600 off with SANS Online Training Ends December 7

DFIRCON East 2014

Fort Lauderdale, FL | Mon, Nov 3 - Sat, Nov 8, 2014
This event is over,
but there are more training opportunities.

Filesystem Journal Forensics

  • David Cowen
  • Wednesday, November 5th, 8:15pm - 9:15pm

Journaled file systems have been a part of modern file systems for years, but the science of computer forensics has only been approaching them mainly as a method of recovering deleted files. In this talk we will outline the three major file systems in use today that utilize journaling (NTFS, EXT3/4, HFS+) and explain what is stored and its impact on your investigations. We will discuss NTFS and new analysis techniques:

  • Recover data hidden or destroyed by anti-forensics
  • Determine exact deletion times
  • Determine what was being accessed and how often

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, November 3
Session Speaker Time Type
General Session- Welcome to SANS Rob Lee Monday, November 3rd, 8:15am - 8:45am Special Events
The Internet of Evil Things Johannes Ullrich, Ph.D. Monday, November 3rd, 7:15pm - 9:15pm Keynote
Tuesday, November 4
Session Speaker Time Type
DFIR Advanced Smartphone Forensics Cindy Murphy Tuesday, November 4th, 7:15pm - 8:15pm SANS@Night
When Macs Get Hacked Sarah Edwards Tuesday, November 4th, 8:15pm - 9:15pm SANS@Night
Wednesday, November 5
Session Speaker Time Type
Jumping the Shark Tim Garcia Wednesday, November 5th, 7:15pm - 8:15pm SANS@Night
Filesystem Journal Forensics David Cowen Wednesday, November 5th, 8:15pm - 9:15pm SANS@Night