Hello everyone.
This writeup covers two forensic challenges from the BlackHat MEA CTF 2024 Qualification round.
Artifact (Easy — 90pts)
==============================
The attached file is a Registry hive; I used the RegRipper tool to get the data.
After the tool finished its task, I searched for all .exe files until I found a suspicious file named DeadPotato-NET4.exe; the execution date was included.
The flag is: BHFlagY{DeadPotato-NET4.exe_09/08/2024_22:42:13}