Approach With the files, you’d typically look out for several things: File system events/logs/registry (like $MFT for Windows or fseventsd for macOS), which could help build a timeline of when the file was created/deleted/modified.
This is about … .
File Structure Macros A letter m at the end of extension means that doc has some macros inside.
File Structure Malicious PDFs See more here. References Expand… [1]
Structure Malicious PNG It’s possible to craft polygon files that are legitimate PNG and PHP simultaneously.
This is about … .