NSRLJP_202104 has been released. Added Windows 10(1909, 2004, 20H2), 2019 (update 2019-03), and Google Chrome.

I have created a project page named mssql_4n6 for my research about MSSQL forensics

I have posted MSSQL forensics (4) - LOB data structure and this is last article of the serires.

I have posted MSSQL forensics (3) - Slot Array & Deleted Record, which covers how to identify deleted records.

I have posted MSSQL forensics (2) - Record Structure, which covers structure of records in data page.

I have posted MSSQL forensics (1) - MDF fundamentals, which covers mdf file structures & page header.

NSRLJP_201905 has been released. Added Windows 10(1803, 1809, 1903) and 2019.

Thanks to EvtxECmd, now we get better handling of deleted event log records. The detail is here.

I have posted NTFS Timestamps, which is the results about timestamps on Windows NTFS.

WinFE based on WinPE for Windows 10 (English) is available.