2024-05-16 | #bft #dfir #file #htb #master #mft #sherlock #table #windows
BFT (DFIR) Scenario In this Sherlock, you will become acquainted with MFT (Master File Table) forensics. You will be introduced to well-known tools and methodologies for analyzing MFT artifacts to identify malicious activity.
2024-05-16 | #dfir #file #time #timestamp #windows
FILETIME in Windows What is FILETIME? A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC).
2024-05-16 | #dfir #file #master #table #windows
What is a Master File Table? The Master File Table (MFT) is a system file in the NTFS file system (having the name $MFT) that stores metadata information about all files and directories on an NTFS volume.
