ð File Forensics
ð Manual
Approach With the files, you’d typically look out for several things: File system events/logs/registry (like $MFT for Windows or fseventsd for macOS), which could help build a timeline of when the file was created/deleted/modified.
JPEG
This is about … .
Office Documents
File Structure Macros A letter m at the end of extension means that doc has some macros inside.
PDFs
File Structure Malicious PDFs See more here. References Expand… [1]
PNG
Structure Malicious PNG It’s possible to craft polygon files that are legitimate PNG and PHP simultaneously.
Temp Files
This is about … .