1abc_land_grab.7z

#DigitalForensics #CyberSecurity #CTF #InfoSec #BlueTeam #IncidentResponse

Sometimes these archives contain a slice of RAM ( .raw or .dmp ) captured during the "grab" event. 1ABC_Land_Grab.7z

Traces of where the "grab" started. Look for .evtx or .log files that show rapid-fire file creation. 1ABC_Land_Grab.7z