Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used MFT Explorer/MFTECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier.
The MFT Explorer/MFTECmd Guide comes on the heels of the previous guides I put together recently: KAPE, Timeline Explorer, and Registry Explorer/RECmd. All guides, current and future, can also be located in the site’s recently redesigned menu via Tools & Artifacts -> Tools -> <Tool>. This will also be home to the rest of the EZ Tools suite as I get around to making guides like this. I will follow this same format and the endgame is to have all of the EZ Tools covered in depth in this same format. These guides combined can serve as a great starting point for any examiner to get analysis underway and answers fast. If you like this, please let me know. If there’s something missing here with this format or the guides I’ve previously put together, let me know!
Also, I would like to extend my appreciation (yet again) for those who took a look at this before it went live and provided invaluable feedback. You know who you are and I apologize in advance for the future guides I’m going to have you look over.