ogmini - Exploration of DFIR

Having fun while learning about and pivoting into the world of DFIR.


9 May 2025

Researching RDCMan - Part 3

by ogmini

Was poking around the Recent Virtual Group settings and it looks like I discovered a bug in the latest version (v3.1) of RDCMan. I’ve already reported it so hopefully it will get fixed. Would be a useful forensic artifact to have! It does work as expected on an older version of RDCMan that I still have (v2.93). So the below testing has been done on that version.

Recent Virtual Group

By default, this displays the last 10 servers that have had successful connections. You’ll find this in the RDCMan.settings file under the recentlyUsed element. The servers are listed in order of most recent connection, newest first.
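One way to pull this artifact out of a collected RDCMan.settings file is sketched below. This is an added example, not code from the original post or from RDCMan. The sample XML is constructed, and the `server` child element name and the path-style values are assumptions, so the parser only relies on the `recentlyUsed` element named above and reads whatever children it holds.

```python
import xml.etree.ElementTree as ET

DEFAULT_LIMIT = 10  # default size of the Recent group, per the post

# Constructed sample; the <server> child name and path-style values are assumptions.
SAMPLE_SETTINGS = """<?xml version="1.0" encoding="utf-8"?>
<Settings>
  <recentlyUsed>
    <server>lab.rdg/Servers/dc01</server>
    <server>lab.rdg/Servers/file01</server>
    <server>lab.rdg/Workstations/ws-042</server>
  </recentlyUsed>
</Settings>
"""


def parse_recently_used(xml_text):
    """Return the entries under recentlyUsed in document order.

    The post states this order is most recently connected first.
    Returns [] when the element is absent or empty.
    """
    # Evidence files are untrusted input: refuse DTDs so entity expansion
    # cannot be triggered by a tampered settings file.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD present; refusing to parse")
    root = ET.fromstring(xml_text)
    node = root if root.tag == "recentlyUsed" else root.find(".//recentlyUsed")
    if node is None:
        return []
    entries = []
    for child in node:
        value = (child.text or "").strip()
        if value:
            entries.append({"rank": len(entries) + 1, "tag": child.tag, "value": value})
    return entries


def exceeds_default(entries):
    """True when more entries exist than the default of 10 (non-default setting)."""
    return len(entries) > DEFAULT_LIMIT


if __name__ == "__main__":
    for e in parse_recently_used(SAMPLE_SETTINGS):
        print(f'{e["rank"]:>2}  {e["value"]}')
```

Rank 1 is the most recent successful connection; an empty result on a profile that clearly used RDCMan is worth checking against the installed version.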

Built In Groups

References

tags: DFIR - RDCMan