homepage
Open menu
Contact Sales

Hands on USN Journal Analysis

  • Tuesday, 16 Dec 2014 1:00PM EST (16 Dec 2014 18:00 UTC)
  • Speaker: David Cowen

Journaled file systems have been a part of modern file systems for years butthe science of computer forensics has only been approaching them mainly as amethod of recovering deleted files. In this talk we will outline the threemajor file systems in use today that utilize journaling (NTFS, EXT3/4, HFS+)and explain what is stored and its impact on your investigations. We willdemonstrate tools for NTFS and EXT3/4 that allow us to:

  • Recover data hidden or destroyed by anti forensics
  • Recover previously unrecoverable artifacts
  • Trace all file system movements and actions of malware
  • The possibility of entirely new analysis techniques
  • The ability to detect and identify specific anti-forensic toolsautomatically

Ending with a review of HFS+ and the future of file system forensics inrelations to journals and new file systems such as ReFS

Login to Register

Related Content

Blog
Following the Trail of Threat Actors in Google Workspace Audit Logs
Digital Forensics, Incident Response & Threat Hunting
Following the Trail of Threat Actors in Google Workspace Audit Logs
Many of the events we highlight in this blog post and the cheat sheet occur as part of normal business operations...
Megan_Roddie_370x370.png
Megan Roddie-Fonseca
read more
Blog
Quest_to_Summit_340x340.png
Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting
The Quest to Summit | SANS ICS Security Summit 2024
Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.
370x370_Tim-Conway.jpg
Tim Conway
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more