HTB Sherlock: BFT
Background The Master File Table (MFT) is a core component of the NTFS filesystem used by Windows. Every file and directory on an NTFS volume has at least one entry in the MFT, storing metadata such as filenames, timestamps, file attributes, and — for small files — the file content itself. When file content is stored directly inside the MFT record it is called an MFT Resident file. In this Sherlock, we are given a raw $MFT file extracted from a compromised Windows machine and asked to investigate a targeted attack against a user named Simon Stark. ...