#ActivitiesCache

DFIR Investigation - DownUnderCTF 2022 Writeup

A digital forensics and incident response challenge on deobfuscating a C2 persistence PowerShell stager, using ActivitiesCache.db to reveal past user activities, and recovering resident data from the NTFS Master File Table.