Bruce Nikkel timelines.pdf
Why are timelines important in digital forensics and why are timelines used?
Timelines are used for:
What is the problem with timestamps and what can be done about it?
We have a lot of different timestamps; this is very useful
What can be done about this
What is the "correct" way to write numeric dates?
What are the typical timestamps on a filesystem?
[MFT = managed file transfer]
What variations in time stamps can there be depending on the OS?
How can you build a timeline of a filesystem?
Sleuthkit's mactime tool
[bonus some commands]
Other Sleuthkit commands generate "time machine" output:
Piping into mactime creates timeline file for analysis:
fls output from multiple filesystems can be in one single timeline.
What are some of the challenges when dealing with timestamps?
Sleuthkit has flags that can be used to adjust the time or the time zone.
Why should you never completely trust a timestamp?
There is always a possibility of errors and anti-forensic activity.