Note:I translated Japanese into English using Google Translate.Thank you, Google. When audit setting "Audit PNP Activity" is enabled on Windows 10, event ID 6416 is recorded. Auditing is not enabled for this item by default. Let's check th…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Last week I enjoyed File System Tunneling.Unfortunately, I could not reproduce File System Tunneling with NTFS 'E: drive. This time I use the C: drive for te…

Note:I translated Japanese into English using Google Translate.Thank you, Google. iria_piyo has published some interesting verifications on File System Tunneling in the blog. I read those blogs and I wanted to see how the USN Journal was r…