<p>The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.</p>

The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.

<p>The&nbsp;$UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.</p>

DFSP # 015 - $UsnJrnl File

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.

Share DFSP # 015 - $UsnJrnl File

Sign up to save your podcasts

DFSP # 015 - $UsnJrnl File

DFSP # 015 - $UsnJrnl File

More shows like Digital Forensic Survival Podcast

Adversary Universe Podcast