📜 File Forensics

📘 Manual

Approach: With files, you'd typically look out for several things: file system events, logs and registry artifacts (like $MFT for Windows or fseventsd for macOS), which can help build a timeline of when the file was created, deleted or modified.

JPEG

This is about … .

Office Documents

File Structure. Macros: A letter m at the end of the extension means that the document has macros inside.

PDFs

File Structure Malicious PDFs

PNG

Structure. Malicious PNG: It's possible to craft polyglot files that are legitimate PNG and PHP simultaneously.

Temp Files

This is about … .