Sunday, May 10, 2020

NTUSER.DAT Forensics 1: Finding the Most Recent Document

Question: What is the target name of the least recent most recent document opened in explorer?
Points: 150
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: none
Answer: POS2009.txt
Note: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

This is the first in a series of forensics questions based around the NTUSER.DAT file, which is the registry hive for the user profile. This question is intentionally worded in a confusing way: we are looking for the oldest document in the "Recent Documents" list.
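How the ordering under the RecentDocs key can be decoded, as an added example that is not part of the original post. It assumes the key's values have already been exported from the hive into a dict of raw bytes; the sample names and bytes are constructed, and the helper names are hypothetical. It relies on the usual RecentDocs layout: `MRUListEx` holds little-endian 32-bit value indices, most recent first, ending with 0xFFFFFFFF, and each numbered value begins with a null-terminated UTF-16LE target name.

```python
import struct

def parse_mrulistex(data):
    """Return the numbered-value indices in MRU order (most recent first)."""
    order = []
    usable = len(data) - len(data) % 4      # ignore a trailing partial DWORD
    for (idx,) in struct.iter_unpack("<I", data[:usable]):
        if idx == 0xFFFFFFFF:               # list terminator
            break
        order.append(idx)
    return order

def target_name(data):
    """Extract the leading null-terminated UTF-16LE name from a numbered value."""
    end = 0
    # Step two bytes at a time so a character's high zero byte followed by
    # the next low byte is never mistaken for the terminator.
    while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[:end].decode("utf-16-le", errors="replace")

def recentdocs_order(values):
    """Map the MRUListEx order onto target names, most recent first."""
    names = []
    for idx in parse_mrulistex(values["MRUListEx"]):
        raw = values.get(str(idx))
        # An index with no matching value is reported rather than skipped.
        names.append(target_name(raw) if raw is not None else f"<missing value {idx}>")
    return names

def least_recent(values):
    """The oldest entry is the last index before the terminator."""
    order = recentdocs_order(values)
    return order[-1] if order else None

def _entry(name):
    # Constructed value: name, terminator, then filler standing in for the
    # binary shell-item data that follows the name in a real value.
    return name.encode("utf-16-le") + b"\x00\x00" + b"\x5a\x00\x32\x00"

# Constructed sample, not taken from the challenge hive.
SAMPLE = {
    "MRUListEx": struct.pack("<4I", 2, 0, 1, 0xFFFFFFFF),
    "0": _entry("report.docx"),
    "1": _entry("budget.xlsx"),
    "2": _entry("notes.txt"),
}

if __name__ == "__main__":
    print(recentdocs_order(SAMPLE), "->", least_recent(SAMPLE))
```

The numeric value names only reflect the order in which slots were created, so the oldest entry has to be read from `MRUListEx`, not from the lowest-numbered value.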

First, we'll use 







