Forensics - Mount Windows Partition Showing the System Files

Mount a windows partition showing the system files:
mount -o ro,show_sys_files,streams_interface=windows /dev/sdb2 /mnt/analysis

Taken from "Super Time Line Analysis - SANS DFIR Webcast" https://www.youtube.com/watch?v=C4jNfXZ90fw


Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3