Aim of the Experiment

The aim of this experiment is to explore key attributes within the Master File Table (MFT), recover the content of deleted resident files, and demonstrate how to add and retrieve data from an Alternate Data Stream (ADS).

Applications

• Helps in digital forensic investigations by revealing deleted files and hidden data.
• Supports malware analysis by detecting payloads concealed in Alternate Data Streams.
• Assists in timeline reconstruction through analysis of file metadata and timestamps.
• Enables detection of suspicious or anomalous file behavior using MFT attributes.