Posted in Forensics

FTK Windows Server 2008 SYSTEM Filter

I recently found it necessary to quickly grab a large number of SYSTEM registry files to determine the current control…

More FTK Filters

In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more…

FTK Filters are Your Friend

I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK…
