Smack your head with USN Journal: Everything you ever wanted to know about this forensic artifact

Starting with NTFS V 3.0 (Also known as NTFS 5.0) Microsoft introduced several new features in the file system to make it more robust, reliable and efficient. This included Support for disk quotas, EFS, Sparse files, reparse points and Update sequence number (USN) journaling. While NTFS v 3.0 supports all these features the actual implementation […]

Read More »
VSS

Volume Shadow Copy as an aid to forensic investigations

While conducting forensics examinations I have come across several instances where past activity record on the system had proved helpful. Volume Shadow copy forensics is one of them. What is Volume shadow copy service (VSS):  Also known as volume snapshot service; the feature was introduced with Windows XP. The Idea was to create a backup […]

Read More »
Internet Forensics

internet forensics judgment: An analysis of options available for better judgment

Shri     This morning when I checked my alerts from Google I found something of technical interest. This was a case decided by the judiciary in favor of convict that had resulted in mass criticism and media even shouting that New York court of appeals rules that looking at child pornography is not a […]

Read More »