The Ultimate Guide to the SANS FOR508 (GCFA) Index SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
The Ultimate Guide to the SANS FOR508 Index: Mastering DFIR Mastery Sans For508 Index
: PsExec artifacts, PowerShell Remoting, and RDP bitmap cache files. 4. Memory Forensics (Volatility 3) The Ultimate Guide to the SANS FOR508 (GCFA)
Master File Table (MFT) structures, $MFT , $LogFile , and $UsnJrnl . you are actually studying.
Knowing when a file is small enough to live entirely inside the MFT record. LogFileandcap L o g cap F i l e a n d
The act of building the index is 80% of the value. When you type out "MFT Entry modification" and force yourself to write a short description, you are actually studying.