FireEye interview question

How would you know when the malware got on the system?

Interview Answers

Anonymous

1 Mar 2016

MFT Table

1

Anonymous

16 Mar 2016

The MFT is one way but that requires a forensic look at a drive. Not much help if the machine has a virus running in memory that never hit the physical drive or it ran from a mounted drive no longer present. No real "right" answer I guess.
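The MFT approach named in the answers above, as an added example that is not part of either answer: it reads the creation times stored in one NTFS MFT FILE record, from the $STANDARD_INFORMATION and $FILE_NAME attributes, and flags a record whose $STANDARD_INFORMATION time is the earlier of the two, which goes one step past what the answers state. The function names and the sample record are constructed for illustration, and the parser assumes a record whose update-sequence fixups have already been applied.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def from_filetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime."""
    return EPOCH + timedelta(microseconds=ft // 10)

def to_filetime(dt):
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def creation_times(record):
    """Creation times from $STANDARD_INFORMATION (0x10) and $FILE_NAME (0x30)."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    off = struct.unpack_from("<H", record, 0x14)[0]  # first attribute offset
    found = {}
    while off + 0x18 <= len(record):
        atype, alen = struct.unpack_from("<II", record, off)
        if atype == 0xFFFFFFFF or alen == 0:  # end marker or corrupt length
            break
        if atype in (0x10, 0x30) and record[off + 8] == 0:  # resident only
            coff = struct.unpack_from("<H", record, off + 0x14)[0]
            skip = 8 if atype == 0x30 else 0  # $FILE_NAME begins with parent ref
            ft = struct.unpack_from("<Q", record, off + coff + skip)[0]
            found.setdefault("SI" if atype == 0x10 else "FN", from_filetime(ft))
        off += alen
    return found

def si_predates_fn(times):
    """True when $SI creation is earlier than $FN creation (worth a closer look)."""
    return "SI" in times and "FN" in times and times["SI"] < times["FN"]

def _attr(atype, content):
    """Constructed resident attribute: 0x18-byte header plus content."""
    total = (0x18 + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHH", atype, total, 0, 0, 0x18, 0, 0,
                      len(content), 0x18, 0)
    return (hdr + content).ljust(total, b"\0")

def sample_record(si_created, fn_created):
    """Constructed 1024-byte record for the demo, not taken from a real volume."""
    si = struct.pack("<4Q", *[to_filetime(si_created)] * 4).ljust(48, b"\0")
    fn = struct.pack("<5Q", 5, *[to_filetime(fn_created)] * 4).ljust(66, b"\0")
    head = (b"FILE".ljust(0x14, b"\0") + struct.pack("<H", 0x38)).ljust(0x38, b"\0")
    end = struct.pack("<II", 0xFFFFFFFF, 0)
    return (head + _attr(0x10, si) + _attr(0x30, fn) + end).ljust(1024, b"\0")
```

The $STANDARD_INFORMATION times can be changed from user mode through the normal file-time APIs, so a mismatch between the two attributes is a reason to corroborate the date against other evidence before treating it as the arrival time.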