all InfoSec news
Unallocated file date accuracy (TSK)
Nov. 25, 2022, 12:52 p.m. | /u/JimmyMcTrade
Computer Forensics www.reddit.com
I'm working on my project and I found a file that is a solid indicator of compromise. Filename is a hash, it shows as an application/octet-stream and has path c:/Users/$user/AppData/Local/Packages/Microsoft.Windows\[...\]. In other words, it does not say orphan.
The date shown on Autopsy for created, accessed, changed,and modified show as the same (sometime in the spring).
How confident can I be about this date? If it's correct, it would signal that the system compromise goes back to the …
More from www.reddit.com / Computer Forensics
Is public computer forensics dying?
1 day, 17 hours ago |
www.reddit.com
Online websites or resources for DFIR reports
1 week, 3 days ago |
www.reddit.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cyber Systems Administration
@ Peraton | Washington, DC, United States
Android Security Engineer, Public Sector
@ Google | Reston, VA, USA
Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid
@ Black & Veatch | Denver, CO, US
Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)
@ Novo Nordisk | Montes Claros, Minas Gerais, BR
Principal Engineer, Product Security Engineering
@ Google | Sunnyvale, CA, USA