Awesome tech segment on MFT Timeline analysis from the Pauldotcom guys.
The Tech Segment explains how to perform a Timeline analysis with open-source tools and how to spot anti-forensics techniques like timestamp manipulations.
More information on timestamp manipulation can be found in the Sans Computer Forensics Blog that I already commented in this post.
The original blog post on the Sans Computer Forensics Blog talks about a tool called mft_parser_cl created by Mark McKinnon that has been released for this tech segment. It is really helpful to spot timestamp manipulations, because it is able to pull $FILE_NAME time stamps and put them into bodyfile format so they can be added to the overall time line for analysis.