Logs & System Artifacts

Introduction

System logs and digital artifacts record traces of almost every action on a device. In CTFs, these files can hide flags, reveal the attacker’s activity, or expose persistence mechanisms.

Common targets include:

Windows Event Logs: execution, logons, privilege escalation
Registry hives: persistence and configuration data
Prefetch / LNK / Thumbcache: file and program execution evidence
RDP & TeamViewer logs: remote access traces
Linux/Unix logs: authentication, system events, shell history

Linux Log Analysis
LNK Shortcut Files
Prefetch Analysis
RDP Bitmap Cache
TeamViewer Logs
Thumbcache Analysis
USN Journal Analysis
Windows Event Logs
Windows Registry Analysis