Note:I translated Japanese into English using Google Translate.Thank you, Google. Summary: I tested the Recycle.bin delete option of the Storage sense feature. Files in Recycle.bin are deleted by task SilentCleanup??. Sample JPEG file in R…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Summary: I confirmed that the latest Last Access Time is written to disk by accessing the file after 1 hour has elapsed. After one hour elapsed, when shuttin…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Summary: I used FTK Imager and Autopsy as a tool to check Last Access Time on NTFS volume. However, adding Local Drive did not produce the expected results.(…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Summary: NTFS's Last Access Time resolution is one hour. ( I started the test on Win 10 ver 1803.) "fsutil file layout" command and PowerShell displays the l…

Note:I translated Japanese into English using Google Translate.Thank you, Google. I confirmed DisableLastAccess in verification environment. The size of C: is 40 GB.The value of DisableLastAccess was "2" and "Disabled"...."Disabled"??? I c…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Delete the registry key and check the time stamp.Create sample registry keys and values under SYSTEM. Last write timestamp:2018-12-09 05:33:00(UTC) Delete th…

Note:I translated Japanese into English using Google Translate.Thank you, Google. This is the continuation of the Amcache test. I connected a USB memory and created an LNK file.Each LNK file targets the CLI and the GUI program that exist o…

Note:I translated Japanese into English using Google Translate.Thank you, Google. Have you seen the Amcache season of Forensic Lunch Test Kitchen? Unfortunately, I have not seen everything yet. I am planning to enjoy them at the weekend. a…