File Download is used to track files downloaded onto a system. From alternate data streams to browser artifacts, we can identify where a file was downloaded from and confirm that it was downloaded from the Internet.
ADS Zone.Identifier
Use Alternate Data Streams to determine if a file was downloaded from the Internet.
Browser Artifacts
Review local user account browsing history to identify file downloads.
Downloads
Firefox and IE has a built-in download manager application which keeps a history of every file downloaded by the user.
Open/Save MRU
Track files that have been opened or saved within a Windows shell dialog box.