Blue Team POV: System Analysis
> In this challenge, you will analyze a compromised system $MFT file related to attacks targeting NTFS timestamps. This challenge aims to showcase the importance of the $MFT file in a forensics investigation and the importance of timestamps to distinguish abnormal vs. normal activity.

Who is this for:
>Early career to mid practitioners. This challenge may be difficult for individuals new to cybersecurity, but the difficulty rating on this challenge is relatively low. We encourage using any internet resources and community/colleague assistance in completing the challenge.
Are write-ups permitted?
>Yes, write-ups are permitted; please do not post answers directly. All write-ups should include a link to Cybrary and the Cybrary Course.
What resources are available to help solve this challenge?:
>Online search, community, colleagues, or fellow practitioners.