Drop MFT, USN journal, Prefetch, Shimcache and EVTX CSVs · detect coordinated multi-artifact evidence destruction · identify systematic cleanup campaigns · score the overall anti-forensic effort · surface the full picture of what was removed · runs locally
multi-artifact meta analysis
Drop MFT / USN / Prefetch / Shimcache / EVTX / registry
15 anti-forensic categories · 30-minute sliding windows · coordination score · cleanup method