Friday, March 11, 2016

Forensics - Mount Windows Partition Showing the System Files

Mount a windows partition showing the system files:
mount -o ro,show_sys_files,streams_interface=windows /dev/sdb2 /mnt/analysis

Taken from "Super Time Line Analysis - SANS DFIR Webcast" https://www.youtube.com/watch?v=C4jNfXZ90fw


No comments:

Post a Comment

Powershell - Gather Mapped Drives from a List of Computer Names

I created the following Powershell script to gather remotely the mapped drives that users had in their profiles.  I had to create the script...