Tags: forensic image
We are given a .ad1 file and we need to find several things inside.
The first challenge is to find the name of the secret file. The description hints that we might need to find an image. To get a better overview of the files, I extracted the .ad1 image with FTK Imager.
Now that we have got the files, we can start searching for the screenshot. As Windows somehow did not find all the files, I used Linux to do this job.
With the use of
find . -name '*' -exec file {} \; | grep -o -P '^.+: \w+ image'
I filtered all the files for any kind of image file and finally found the screenshot inside the ScreenSketch folder (ScreenSketch is a tool that comes with Windows), specifically in the TempState folder (AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\TempState).
The filename is 19422F1B-6C19-4190-9674-0D1C5AEC5451.png
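An added example, not part of the original writeup: the same search done by file signature in plain shell, which copes with file names containing spaces and can narrow the hits to the ScreenSketch TempState folder. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original writeup): find images in an extracted
# evidence tree by file signature rather than by extension.

# img_type FILE: print png/jpeg/gif if the leading bytes match, else return 1.
img_type() {
    sig=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$sig" in
        89504e470d0a1a0a)            echo png ;;
        ffd8ff*)                     echo jpeg ;;
        474946383761*|474946383961*) echo gif ;;
        *)                           return 1 ;;
    esac
}

# find_images ROOT: one "type<TAB>path" line per regular file with an image
# signature. Paths containing newlines are not handled.
find_images() {
    find "$1" -type f -print | while IFS= read -r f; do
        if t=$(img_type "$f"); then printf '%s\t%s\n' "$t" "$f"; fi
    done
}

# screensketch_hits ROOT: only the hits under the ScreenSketch TempState folder.
screensketch_hits() {
    find_images "$1" | grep -F '/Microsoft.ScreenSketch_8wekyb3d8bbwe/TempState/' || true
}

# make_sample DIR: constructed test tree (signatures only, not real pictures).
make_sample() {
    ts="$1/AppData/Local/Packages/Microsoft.ScreenSketch_8wekyb3d8bbwe/TempState"
    mkdir -p "$ts" "$1/Documents"
    printf '\211PNG\r\n\032\n' > "$ts/sample capture.png"   # PNG signature
    printf '\377\330\377\340' > "$1/Documents/noext"         # JPEG, no extension
    printf 'just text\n' > "$1/Documents/fake.png"           # wrong extension
}

# Usage: script.sh ROOT   (with no argument, runs on the constructed sample)
if [ "$#" -gt 0 ]; then
    find_images "$1"
else
    d=$(mktemp -d) && make_sample "$d" && find_images "$d" && rm -rf "$d"
fi
```

Run it with the directory of the extracted image as ROOT; a file that carries an image extension but no image signature is skipped, and an image without an extension is still reported.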