DFIR Alternate Data Streams, DFIR and Mark Of The Web Enter the Rabbit Hole During an investigation, we came across Microsoft Defender correlating a file to a certain site. We did, however, not find any connections or telemetry that showed …