Publication A Combination of Advanced Carver and Intelligent Parser (OSDFCon 2018) bulk_extractor-rec Carving utmp records for intrusion analysis Parsing carved evtx records using EvtxECmd fte System requirements Navigation type MFT Arfifact PolAdtEv PolAdtEv HFS Journal Parser HFS+ Journal Basics Deleted File Recovery using HFS Journal Trace File Activity using HFS Journal Misc Deleted Shadow Copies WinFE based on WinPE for Windows 10 NTFS Timestamps
