Welcome to my Digital Forensics website! You can find DFIR basics, information about tools I use, and basic Windows artifacts here!

NTFS Basics

Introduction: NTFS is the current file system for Windows-based operating systems, developed by Microsoft. Released in 1993, NTFS was created to address issues with the FAT file system (Hassan, 2017). NTFS provides scalability, stability, and support for large storage devices (Carrier, 2005). This article goes over the basics of NTFS and why it’s used…


CHS vs. LBA addressing

Introduction: CHS and LBA addressing schemes are methods for a computer to reference sectors on a drive. We’ll go over some basics to know first before tackling the differences between the two. Basics: I might create a separate post on how a disk is read. The video below does a great job of introducing the…


Registry Basics: Part 1

What is the registry? The Registry is a collection of database files that store vital configuration data for a system. The Registry data can be modified and/or deleted by a user. Components of the Registry: An example of a Registry path is NTUSER(Hive)\Software(Key)\Microsoft(subkey)\Run(subkey with the value). Offline Hives: The Registry has offline files that live…
