NSRLJP_202104 NSRLJP_202104をリリースしました。Windows 10(1909, 2004, 20H2), 2019 (2019/03分), Google Chromeとその他の更新プログラムを含めています。
MSSQL Forensics Series (4) I have posted MSSQL forensics (4) - LOB data structure and this is last article of the serires.
MSSQL Forensics Series (3) I have posted MSSQL forensics (3) - Slot Array & Deleted Record, which covers how to identify deleted records.
MSSQL Forensics Series (2) I have posted MSSQL forensics (2) - Record Structure, which covers structure of records in data page.
MSSQL Forensics Series (1) I have posted MSSQL forensics (1) - MDF fundamentals, which covers mdf file structures & page header.
Parsing carved evtx records using EvtxECmd Thanks to EvtxECmd, now we get better handling of deleted event log records. The detail is here.
WinFE based on WinPE for Windows 10 以前の記事WinFE based on WinPE for Windows 10をWindows 10 1809の内容に更新しました。