🛡️ Forensics Questions Playbook

Windows (Desktop & Server)

Objective: Find answers to specific, text-based questions hidden within the system.
Tools:
- File Explorer (Search)
- Command Prompt (findstr)
- Registry Editor (regedit)
Common Actions:
- Read the Question Carefully: The question in the ReadMe file will tell you what to look for.
- Search Files: Use the File Explorer search bar in C:\ or C:\Users to look for a key phrase from the question or a potential answer (e.g., “I know you are a fraud!”).
- Search File Contents: Use the findstr command. Example: findstr /S /I "some_string" C:\Users\*.*.
- Check Usernames: The answer might be a list of unauthorized users.
- Check Registry: If you suspect the answer is in the registry, you can (carefully) use regedit to search.

Objective: Find answers to specific, text-based questions hidden within the system.
Tools:
- Terminal
Common Actions:
- Read the Question Carefully: Check the ReadMe for the question.
- Search File Contents: The grep command is your best tool.
- grep -r "some_string" /home (This searches recursively (-r) in the /home directory for “some_string”).
- Find Files: Use the find command. Example: find /home -name "*secret*".
- Read Files: Use cat or less to read a file once you find it.
- Common Answers: The answer could be a specific string, a file path (e.g., /home/benjamin/Music/) , or a hash value (e.g., 7bd6478ecf2641bebc989892f835cf85).