Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Another quick post as its Memorial Day weekend! I took a few minutes today to continue looking at what the master key actually encrypts. Yesterday we looked specifically at the tables related to Connections. Today, I’m looking at the tables related to documentation which I documented in Part 4.
Nothing is encrypted here at all by the master key. All the documentation and its history are stored in plain text.
I’m rather surprised at this!
tags: DFIR - Remote Desktop Manager