From 3f8022e9676e806f8b15a3603197c14a8a591739 Mon Sep 17 00:00:00 2001
From: KeRo99
Date: Fri, 23 Sep 2022 17:33:17 +0200
Subject: [PATCH 1/2] Update README.md
---
 README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index b3e8e7e..4bf7897 100644
--- a/README.md
+++ b/README.md
@@ -14,12 +14,17 @@ mftmactime.py -f /mnt/comp001/\\$MFT -o comp001_fstl.csv -n
 ![image](https://user-images.githubusercontent.com/143736/183637088-0089c8c4-ef23-46e1-bbd5-8321422108cb.png)
-#Example with dump resident files
+# Example with dump resident files
 mftmactime -f MFT -o test.csv -n -r recovery_output
 ![Screenshot at 2022-09-07 11-29-48](https://user-images.githubusercontent.com/143736/188844076-9eefc9b7-9801-4c23-a0df-0ef794b92dc1.png)
-#Example of inode entries with USN Journal and MFT mixed data
+# Example of inode entries with USN Journal and MFT mixed data
 ![image](https://user-images.githubusercontent.com/143736/191730418-ba1f5a8d-2ff0-4e88-aa30-236c5169e580.png)
+# Example of dump and process from RAW Evidence
+
+![image](https://user-images.githubusercontent.com/143736/191998130-097e69ea-80dc-4684-80ba-d4dfbe861452.png)
+
+
From 7d9b5c64e6879f6b8f5c16e888f2d8f5ea38cc9f Mon Sep 17 00:00:00 2001
From: KeRo99
Date: Fri, 23 Sep 2022 17:34:37 +0200
Subject: [PATCH 2/2] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 4bf7897..8ce9e68 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ mftmactime -f MFT -o test.csv -n -r recovery_output
 ![image](https://user-images.githubusercontent.com/143736/191730418-ba1f5a8d-2ff0-4e88-aa30-236c5169e580.png)
 # Example of dump and process from RAW Evidence
+mftmactime -n -f ../evidence/Testing/test-img.dd -u ../evidence/Testing/test-img.dd -o ./filesystem_tln.csv -d dump -r resindents
 ![image](https://user-images.githubusercontent.com/143736/191998130-097e69ea-80dc-4684-80ba-d4dfbe861452.png)