DFIR Investigation - DownUnderCTF 2022 Writeup
A digital forensics and incident response challenge on deobfuscating a C2 persistence PowerShell stager, using ActivitiesCache.db to reveal past user activities, and recovering resident data from the NTFS Master File Table.