Category Archives: Forensics

More FTK Filters

In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more that may be helpful to a digital investigator examining a Microsoft Windows Server 2008 R2 server (may work on others, … Continue reading

Posted in Forensics | Tagged , | Leave a comment

FTK Filters are Your Friend

I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK makes examining many systems manageable. One feature that has saved me a tremendous amount of time is the Filters feature. … Continue reading

Posted in Forensics | Tagged , , , | Leave a comment