MAC(b) times in Windows forensic analysis

Essential information during timeline analysis

During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it’s important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and they stand for:

Modified
Accessed
Changed ($MFT Modified)
Birth (file …