Awesome tech segment on MFT timeline analysis from the Pauldotcom guys.

The tech segment explains how to perform a timeline analysis with open-source tools and how to spot anti-forensics techniques such as timestamp manipulation.

More information on timestamp manipulation can be found on the SANS Computer Forensics Blog, which I already commented on in this post.

The original post on the SANS Computer Forensics Blog talks about a tool called mft_parser_cl, created by Mark McKinnon and released for this tech segment. It is really helpful for spotting timestamp manipulation because it is able to pull the $FILE_NAME timestamps (which common timestamp-altering tools leave untouched) and put them into bodyfile format, so they can be added to the overall timeline for analysis.
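As an added example (not code from the tech segment or from mft_parser_cl), the following Python pairs $STANDARD_INFORMATION and $FILE_NAME bodyfile entries by MFT record number and flags the classic manipulation sign, an $SI timestamp earlier than its $FN counterpart; the " ($FILE_NAME)" naming suffix and the sample bodyfile lines are assumptions.

```python
# Added example (not the Pauldotcom segment's or mft_parser_cl's own code): pair
# $STANDARD_INFORMATION and $FILE_NAME rows from a bodyfile and flag timestomping.
# Assumption: $FILE_NAME rows carry a " ($FILE_NAME)" suffix; sample is constructed.
from collections import defaultdict

FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
          "atime", "mtime", "ctime", "crtime")   # TSK bodyfile column order
TIMES = ("atime", "mtime", "ctime", "crtime")    # epoch seconds
FN_TAG = " ($FILE_NAME)"

def parse_bodyfile(text):
    """Parse bodyfile lines into dicts; timestamp columns become ints."""
    rows = []
    for line in text.splitlines():
        parts = line.split("|")
        if not line.strip() or line.startswith("#") or len(parts) != len(FIELDS):
            continue
        row = dict(zip(FIELDS, parts))
        for f in TIMES:
            row[f] = int(row[f])
        rows.append(row)
    return rows

def find_timestomp_candidates(rows):
    """Return (name, [fields]) where an $SI time predates the $FN time.
    $FN times are set by the kernel on create/rename/move and are rarely touched
    by user-mode tools, so $SI < $FN is a classic manipulation indicator (not proof)."""
    by_inode = defaultdict(dict)
    for r in rows:
        by_inode[r["inode"]]["fn" if r["name"].endswith(FN_TAG) else "si"] = r
    findings = []
    for pair in by_inode.values():
        if "si" in pair and "fn" in pair:
            bad = [f for f in TIMES if pair["si"][f] < pair["fn"][f]]
            if bad:
                findings.append((pair["si"]["name"], bad))
    return findings

# Constructed sample: evil.dll's $SI times were pushed back to 2008 while $FN still
# shows the real 2011 creation; notes.txt has consistent $SI >= $FN times.
SAMPLE = """\
0|/Windows/System32/evil.dll|40123|r/rrwxrwxrwx|0|0|20480|1216368000|1216368000|1216368000|1216368000
0|/Windows/System32/evil.dll ($FILE_NAME)|40123|r/rrwxrwxrwx|0|0|20480|1294500000|1294500000|1294500000|1294500000
0|/Users/bob/notes.txt|40777|r/rrwxrwxrwx|0|0|512|1294600000|1294600000|1294600000|1294590000
0|/Users/bob/notes.txt ($FILE_NAME)|40777|r/rrwxrwxrwx|0|0|512|1294590000|1294590000|1294590000|1294590000
"""
if __name__ == "__main__":
    for name, fields in find_timestomp_candidates(parse_bodyfile(SAMPLE)):
        print(f"{name}: $SI {', '.join(fields)} earlier than $FILE_NAME")
```

Equal $SI and $FN times are not flagged, which keeps freshly created, unmodified files out of the findings while a timeline review still confirms each hit.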