Digital Forensics & Anti-Forensics Explained: NTFS Artifacts, ADS, File Carving & Timestomping

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/bd/3d/11/bd3d1187-8de1-88c5-199c-8c4f13ffa0ae/mza_16560012528869136015.jpg/600x600bb.jpg

Everyday Cyber

Alex Reid

11 episodes

1 week ago

Everyday Cyber is your weekly guide to mastering cybersecurity — from real-world threats to real career growth. Hosted by cybersecurity analyst Alex Reid, this podcast delivers clear, actionable insights for anyone looking to stay safe online and break into the cyber industry. Whether you're a beginner exploring the field, prepping for certifications like Security+, SC-200, or aiming to land your first SOC analyst role — Everyday Cyber has your back. Each episode covers: Breaking down phishing attacks, ransomware, and real-world threats Blue team strategies and

Technology

RSS

All content for Everyday Cyber is the property of Alex Reid and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/44019277/44019277-1751810299545-229344e93dc64.jpg

Digital Forensics & Anti-Forensics Explained: NTFS Artifacts, ADS, File Carving & Timestomping | Ep. 7

Everyday Cyber

24 minutes 31 seconds

4 months ago

Digital Forensics & Anti-Forensics Explained: NTFS Artifacts, ADS, File Carving & Timestomping | Ep. 7

🧠 Episode 7 – Everyday Cyber Podcast
In this episode, host Alex Reid explores the battlefield between digital forensics and anti-forensics — revealing how investigators extract hidden truths from NTFS volumes, and how attackers attempt to cover their tracks.

From Alternate Data Streams (ADS) and Volume Shadow Copies, to timestomping and file wiping, this episode dives into the structures and techniques that define modern forensic investigations — and the countermeasures used to evade them.

🔍 What You'll Learn in This Episode:

Key forensic artifacts in NTFS: $MFT, $I30, $LogFile, $UsnJrnl
How Alternate Data Streams (ADS) are used to hide data
Timestomping, file wiping, and registry key deletion as anti-forensics
Tools like MFTECmd, Bulk Extractor, PhotoRec, and vss_carver.py
How forensic analysts perform file carving, super timelines, and triage collection
The role of Zone.Identifier ADS, VSS, and SDelete in investigations
Techniques attackers use to stay hidden in plain sight — and how to find them

Whether you're learning digital forensics or defending against sophisticated attackers, this episode gives you a detailed breakdown of how investigations work at the file system level.

digital forensics

anti-forensics

alternate data streams

NTFS forensics

volume shadow copy forensics

file carving

timestomping detection

mftecmd tutorial

file wiping

photoRec recovery

zone.identifier ADS

NTFS metadata

ADS malware hiding

super timeline forensics

triage collection

bulk extractor forensic

registry key wiping

forensic tools podcast

NTFS MFT analysis

digital forensic investigation

everyday cyber podcast