PaulDotCom mailing list archives

Followup on NTFS Forensics Tech Segment


From: Bugbear <gbugbear () gmail com>
Date: Mon, 1 Aug 2011 16:24:52 -0400

Hello All

I put up a quick followup to my tech segment on EP 236
<http://pauldotcom.com/wiki/index.php/Episode236#Special_Guest_Tech_Segment:_Tim_Mugherini_presents_NTFS_MFT_Timelines_and_malware_analysis>
on NTFS MFT Analysis. The followup is on parsing the NTFS $UsnJrnl during
malware analysis and can be found here:
http://securitybraindump.blogspot.com/2011/07/dear-diary-today-i-was-infected-with.html
Don't hesitate to point out errors. Hope someone finds it useful.

For those of you in or heading to Vegas, don't do anything I wouldn't do
(which means anything goes).

Tim
@bug_bear
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
