Today we’re covering TryHackMe’s Investigating Windows room. A Windows machine has been hacked, and we have to go investigate the box to find clues about what the cyber criminal might have done. We’ll be using PowerShell, Windows Event Viewer, Regedit, and a little trial and error to look for some evidence to help us in our forensic investigation. Follow along with the video below!





Below I’m going to share my answers to the knowledge checks in the room’s different tasks. Definitely try to work through the problems as much as you can, and follow along in the video so you understand what you need to do to get the answers below. In this particular room, most of the questions require you to figure out the answers using the tools and commands covered in the lesson.

Investigating Windows Task 1 – Investigating Windows


Network Knowledge Wrap Up

Keep an eye out as I continue to work through other TryHackMe rooms!

Here is the CompTIA Pentest+ training book bundle I used to pass my PenTest+. (Affiliate Link)

TryHackMe Investigating Windows room