Incident Response & Forensics


Education Level: Basic

4418 - Windows Timelines in Minutes

Monday, September 25
4:30 PM - 5:30 PM

A timeline is an essential part of many forensics/incident response cases. Attendees of this presentation will learn how to create timelines for NTFS filesystems in a matter of minutes using 100 percent free and open source software. Tools used include Python, MySQL and shell scripting. Additionally, Windows timestamp rules will be discussed in detail. Knowledge gained in this talk should be helpful to anyone performing incident response, penetration testers and those wanting a deeper understanding of NTFS timestamps.

Learning Objectives:

Philip Polstra

Associate Professor of Digital Forensics
Bloomsburg University of Pennsylvania

Phil Polstra has been playing with technology and building electronics from an early age. He is currently an associate professor teaching digital forensics at Bloomsburg University of Pennsylvania (one of fewer than ten forensics programs to have obtained the NSA/DHS CAE distinction). He has written several books on forensics and penetration testing using small devices. He is an internationally recognized authority on forensics, aviation security and hardware hacking who has made repeat appearances at top conferences throughout the world. He is also the organizer of the BloomCON Computer Forensics and Security Conference. When not teaching or speaking, Phil has been known to fly, teach others to fly, build aircraft, dabble with woodworking and create custom electronics with his children.

