SANS FOR508 Index Review

The Essential Companion: An Analysis of the SANS FOR508 Index

  • Index this: $MFT equivalent? (Ext4 – inode structures; dumpe2fs).
  • Index this: Linux memory acquisition (LiME vs AVML).
  • Index this: Bash history vs zsh history vs auditd logs.

Advanced Incident Response, Threat Hunting, and Digital Forensics: SANS FOR508 Index

Keyword/Concept: Specific terms ranging from "MFT" (Master File Table) to "Shimcache".