The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
Due to the quality of results and how long it takes to process MFT and USNJRNL entries with Plaso consider either making them opt in or opt out from default parser lists
orlikoski
commented
5 years ago
Due to the quality of results and how long it takes to process MFT and USNJRNL entries with Plaso consider either making them opt in or opt out from default parser lists