Tweet
Hello,
I would like to create a super timeline report of all files I have ingested and indexed in an OSForensics case.
I first mounted a forensic image file of a 32GB USB thumb drive using FTK Imager.
I then pointed OSForensics at the mounted drive of the forensic image file.
I would like to generate a report of all of the files that OSForensics indexed for the case that includes such metadata as File Name, Date Created, Date Accessed, and Date Modified.
The goal of the report is to be able to determine which files were created on the original evidence USB thumb drive before and after certain key dates.
I have tried running a search for "*.*" (without the quote marks), in an attempt to return all files that are on the thumb drive, but I am not certain that this particular search is returning all files.
Is there a better method to achieve my goal?
I would like to create a super timeline report of all files I have ingested and indexed in an OSForensics case.
I first mounted a forensic image file of a 32GB USB thumb drive using FTK Imager.
I then pointed OSForensics at the mounted drive of the forensic image file.
I would like to generate a report of all of the files that OSForensics indexed for the case that includes such metadata as File Name, Date Created, Date Accessed, and Date Modified.
The goal of the report is to be able to determine which files were created on the original evidence USB thumb drive before and after certain key dates.
I have tried running a search for "*.*" (without the quote marks), in an attempt to return all files that are on the thumb drive, but I am not certain that this particular search is returning all files.
Is there a better method to achieve my goal?
Comment