Investigation Scenario 🔎
You’ve discovered a Windows system with screenshots of the user’s desktop in the %appdata%\ScreenShot\ directory.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
You’ve discovered a Windows system with screenshots of the user’s desktop in the %appdata%\ScreenShot\ directory.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
Comments