An Incident Response (IR) examiner faced with a case or asked whether something ‘funny’ or ‘bad’ happened on a host will wonder if a comprehensive file listing is attainable for the system in question. Sometimes this comes in the form of a question, such as “How long has that malware been there,” or “Was the...