When I analyze a case, I always want to see the filename times.
So I modified mft.pm in the log2timeline lib.
This is MFT.pm including filename times.
If you use log2timeline, it will help you when you analyze malware whose times were changed.
Link : https://dorumugs-tools.googlecode.com/files/mft.pm
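
The comparison that filename times make possible, as an added Python example that is not part of the original post or of the modified mft.pm: it reads the $STANDARD_INFORMATION and $FILE_NAME timestamps from one MFT record and applies two common timestomping heuristics. It assumes "filename times" means the $FILE_NAME attribute timestamps; the record, the file name and all helper names are constructed for illustration, and fixup handling is omitted.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ATTRS = {0x10: ("SI", 0), 0x30: ("FN", 8)}  # type -> (label, offset of the times)

def to_filetime(dt):  # UTC datetime -> FILETIME (100 ns ticks since 1601-01-01)
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def resident_attr(attr_type, content):
    """Minimal 24-byte resident attribute header plus content, padded to 8 bytes."""
    length = (24 + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBB", attr_type, length, 0, 0, 0, 0, 0, len(content), 24, 0, 0)
    return (hdr + content).ljust(length, b"\0")

def build_record(si_times, fn_times, name):
    """Constructed sample record (no fixup array, resident attributes only)."""
    si = struct.pack("<4Q", *si_times) + b"\0" * 16
    fn = struct.pack("<Q4Q", 5, *fn_times) + b"\0" * 24
    fn += bytes([len(name), 1]) + name.encode("utf-16-le")
    header = b"FILE" + b"\0" * 16 + struct.pack("<H", 56) + b"\0" * 34
    return header + resident_attr(0x10, si) + resident_attr(0x30, fn) + struct.pack("<I", 0xFFFFFFFF)

def mft_times(record):
    """Return the four FILETIMEs of the resident $SI and first $FN attribute."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    off, out = struct.unpack_from("<H", record, 0x14)[0], {}
    while off + 24 <= len(record):
        atype, alen = struct.unpack_from("<II", record, off)
        if atype == 0xFFFFFFFF or alen == 0:
            break
        if atype in ATTRS and record[off + 8] == 0:  # resident attributes only
            key, skip = ATTRS[atype]
            coff = off + struct.unpack_from("<H", record, off + 0x14)[0] + skip
            out.setdefault(key, list(struct.unpack_from("<4Q", record, coff)))
        off += alen
    return out

def timestomp_flags(times):
    """Heuristics only: index 0 is the creation time in both attributes."""
    si, fn = times["SI"], times["FN"]
    checks = [(si[0] < fn[0], "SI created earlier than FN created"),
              (all(t % 10_000_000 == 0 for t in si), "SI times lack sub-second precision")]
    return [msg for hit, msg in checks if hit]

T_REAL = to_filetime(datetime(2013, 5, 2, 10, 15, 30, 123456, tzinfo=timezone.utc))
T_FAKE = to_filetime(datetime(2009, 7, 14, 1, 0, 0, tzinfo=timezone.utc))
SAMPLE = build_record([T_FAKE] * 4, [T_REAL] * 4, "svch0st.exe")
```

Both checks are leads to correlate with other timeline sources rather than proof, since ordinary copies, moves and some installers can produce the same patterns.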