Comments on Windows Incident Response: MFT Analysis

H. Carvey (2010-02-18T18:44:28.619-05:00):

Phil,

I'm sure that's the case.

I don't have EnCase.

Phil Rodokanakis (2010-02-18T18:40:02.952-05:00):

Harlan:

I know you're a big Perl guy and I love what you've done with RegRipper. However, I'm sure you're aware that there are several EnScripts that do a pretty good job parsing out MFT records and reporting on the SI and FB Attributes. I'm wondering whether it would be possible to improve on those EnScripts to do the time analysis you describe.