OpTinselTrace-1
An elf named "Elfin" has been acting rather suspiciously lately. He's been working at odd hours and seems to be bypassing some of Santa's security protocols. Santa's network of intelligence elves has told Santa that the Grinch got a little bit too tipsy on egg nog and made mention of an insider elf! Santa is very busy with his naughty and nice list, so he’s put you in charge of figuring this one out. Please audit Elfin’s workstation and email communications.
名叫 “小精灵” 的一位精灵最近行为很可疑。他一直在加班,并且似乎绕过了圣诞老人的一些安全协议。圣诞老人的情报精灵网络告诉圣诞老人,格林奇在蛋奶酒上喝得有点醉,并提到了一个内鬼精灵!圣诞老人忙于他的淘气和乖巧名单,所以他让你负责弄清楚这件事。请审计小精灵的工作站和电子邮件通信。
题目数据
由于附件过大,故在此不提供下载链接
Task 1
小精灵正在使用的电子邮件客户端的名称是什么?
列出 elfidence_collection\TriageData\C\users\Elfin\Appdata\Roaming
目录下的数据
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 2023/12/11 17:05 eM Client
d---- 2023/12/11 1:20 Microsoft
d---- 2023/12/11 1:30 Notepad++
d---- 2023/12/11 1:30 top-secret
eM Client
Task 2
威胁者正在使用的电子邮件是什么?
下载软件之后,使用题目附件中的数据覆盖本地的 Appdata
文件夹,加载数据即可
不建议直接手撕,直接使用软件进行加载 Appdata
数据即可
definitelynotthegrinch@gmail.com
Task 3
威胁者什么时候联系小精灵?
2023-11-27 17:27:26
Task 4
精灵老板的名字是什么?
elfuttin bigelf