Tag: forensics

The Master File Table (MFT) is a critical artifact in digital forensics, especially when investigating Windows-based file systems. This guide delves into the structure, importance, and analysis of MFT to help forensic analysts uncover crucial evidence. What is the Master File Table (MFT)? The MFT is a core component of the NTFS (New Technology File…

LNK files (shortcuts) are a treasure trove of forensic evidence, often overlooked in investigations. Found ubiquitously in Windows environments, these files can reveal details about file usage, paths, and associated applications. In this article, we’ll explore methods for collecting and analysing LNK files, providing insights into their forensic value and practical steps to extract critical…

When the Security Operations team is engaged, it usually means that something may have happened and requires an intervention. And that needs to happen fast: Why is your shiny software not enough? KAPE to the rescue ! KAPE is a software that collects targeted files on a host and can also run third party programs…