Great free tools and great information on this video. It is always good to know the sources of the artifacts (hives, timestamps, logs). But AXIOM fill do the same thing with out these extra steps, these open tools are good tho. After acquiring an image, I just triage it by using FTK Imager and Eric's program Register Explorer, just to have an idea of what I will come across in the case after is done processed, which is pretty much what is going on in this video but with out the creation of timelines.
Few things here. Is the drive you are obtaining information from write protected? Second, if you are not obtaining a full disk image, then where is unallocated?
Great free tools and great information on this video. It is always good to know the sources of the artifacts (hives, timestamps, logs). But AXIOM fill do the same thing with out these extra steps, these open tools are good tho. After acquiring an image, I just triage it by using FTK Imager and Eric's program Register Explorer, just to have an idea of what I will come across in the case after is done processed, which is pretty much what is going on in this video but with out the creation of timelines.
well, minitimeline is no longer in the list of available modules, isn't that nice.
They are on her Github, but have not been updated since 2019.
Few things here. Is the drive you are obtaining information from write protected? Second, if you are not obtaining a full disk image, then where is unallocated?