Comments on Windows Incident Response: Timeline Analysis, pt V - First Steps

H. Carvey (2009-03-26T19:18:00-05:00):
That wasn't forgotten...it simply doesn't get me to where I want to go. If you've seen any of the other "Timeline Analysis" posts, you'll see...but stay tuned, anyway...

hogfly (2009-03-26T18:59:00-05:00):
Don't forget that FTK Imager can extract a file listing that contains the MAC times of the files as well. It does this in .csv format, which imports easily into a SQLite database for querying. Or, you could use Microsoft Log Parser to look at the timeline.