DRIF

24 April 2018

https://github.com/jschicht/RawCopy

RawCopy.exe /FileNamePath:c:\$MFT /OutputPath:Z:\ /OutputName:MFT

RawCopy.exe /FileNamePath:c:\$LogFile /OutputPath:Z:\ /OutputName:LogFile

http://www.orionforensics.com/w_en_page/NTFS-Journal-Viewer.php

http://sketchymoose.blogspot.com/2012/10/triageir.html

https://isc.sans.edu/forums/diary/Incident+Response+with+Triageir/18509/

https://github.com/AJMartel/IRTriage

http://journeyintoir.blogspot.com/2016/01/triage-practical-malware-event-web-logs.html