The $FILE_NAME Attribute
The $FILE_NAME attribute is a resident attribute identified by the hexadecimal sequence 30 00 00 …
The $FILE_NAME attribute is a resident attribute identified by the hexadecimal sequence 30 00 00 …
The $STANDARD_INFORMATION attribute ($SI) is a resident attribute identified by the hexadecimal se…
The NTFS file system is managed by several metadata files that collectively make up a sophisticat…
This post builds on a previous post . The reader is encouraged to visit that post before proceedin…
Our ability as forensic investigators to efficiently and effectively detect and contain malicious…