Detecting NTFS Timestomping

https://www.tcm.rocks/soclive-y - Join Andrew Prince for the upcoming SOC Level 1 Instructor-Led Training from April 14 - 17th! Learn more about digital forensics, network security monitoring, and more when you sign up for this 4-day session. You'll walk away with the skills you need for a SOC Level 1 or 2 role as well as to pass the Practical SOC Analyst Associate (PSAA) certification exam! Attackers often utilize timestomping to hide new files or changes to existing files by modifying file time attributes. Dive into some NTFS forensics to discover how analysts can detect timestomping attacks. Timestomping occurs when an attacker uses timestamps to disguise their presence on a victim's machine. They hide their activity by altering timestamps. 👀 Be sure to subscribe for more content like this from the TCM Security team! Learn more from Andrew Prince in SOC 101, and prove you know your stuff with the PSAA (Practical SOC Analyst Associate)! Get started below: https://www.tcm.rocks/soc101-y https://www.tcm.rocks/psaa-y #timestomping #digitalforensics #dfir #informationsecurity #blueteam With credit to: https://ericzimmerman.github.io/#!index.md   Sponsor a Video: https://www.tcm.rocks/Sponsors Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com 📱Social Media📱 ___________________________________________ X: https://x.com/TCMSecurity Twitch: https://www.twitch.tv/thecybermentor Instagram: https://www.instagram.com/tcmsecurity/ LinkedIn: https://www.linkedin.com/company/tcm-security-inc/ TikTok: https://www.tiktok.com/@tcmsecurity Discord: https://discord.gg/tcm Facebook: https://www.facebook.com/tcmsecure 💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor Support the stream (one-time): https://streamlabs.com/thecybermentor Hacker Book