Home Case Szechuan Sauce
Post
Cancel

Case Szechuan Sauce

By Yuchao
Posted 2023-08-11 Updated 2023-08-11 1 min read

Info

https://dfirmadness.com/the-stolen-szechuan-sauce/

Methods

Registry

1

``` some command ```

$I30 filter file “From Slack”

1

``` MFTECmd -f {$I30 path} --csv {output folder} --csvf {output file name}  ```

Findings

DESKTOP-SDN1RPT-Protected Files

1
2

- find aaaa
- find bbbb

DC01-ProtectedFiles

1
2

- find cccc
- find dddd
sec
forensic windows
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents