Tags: forensic image
# Screenshot
We are given a .ad1 file and need to find several things inside it.
## Pt. 1
The first challenge is to find the name of the secret file. The description hints that we might need to find an image.
To get a better overview of the files, I extracted the .ad1 image with FTK Imager.
Now that we have got the files, we can start searching for the screenshot. As Windows somehow did not find all the files, I used Linux to do this job.
Using
`find . -name '*' -exec file {} \; | grep -o -P '^.+: \w+ image'`
I filtered all the files for any kind of image file and finally found the screenshot inside the ScreenSketch folder (ScreenSketch is a tool that comes with Windows), specifically in the `TempState` folder (`AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\TempState`).
The filename is `19422F1B-6C19-4190-9674-0D1C5AEC5451.png`
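The same content-based triage as the `find`/`file` pipeline above, as an added example that is not part of the original writeup: it identifies images by their magic bytes instead of their extension, so it needs no `file` binary and also runs on the Windows analysis host. The function names, the sample file names and the sample tree are constructed for illustration; only the ScreenSketch package path comes from the writeup.

```python
import os
import tempfile

SIGNATURES = {  # magic bytes at offset 0
    b"\x89PNG\r\n\x1a\n": "PNG", b"\xff\xd8\xff": "JPEG",
    b"GIF87a": "GIF", b"GIF89a": "GIF",
}

def sniff_image(path):
    """Return the image type judged by content, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable entries are skipped, not fatal
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return None

def find_images(root):
    """Return sorted (relative_path, kind) for every image under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = None if os.path.islink(full) else sniff_image(full)
            if kind:
                hits.append((os.path.relpath(full, root), kind))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed stand-in for an extracted image (not the challenge data)."""
    temp_state = os.path.join(root, "AppData", "Local", "Packages",
                              "Microsoft.ScreenSketch_8wekyb3d8bbwe", "TempState")
    os.makedirs(temp_state)
    samples = {
        os.path.join(temp_state, "constructed-capture.png"): b"\x89PNG\r\n\x1a\n" + b"\0" * 8,
        os.path.join(root, "cache.dat"): b"\xff\xd8\xff\xe0" + b"\0" * 8,  # JPEG without an image extension
        os.path.join(root, "readme.png"): b"plain text, misleading name",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(*find_images(root), sep="\n")
```

Files whose extension and content disagree, in either direction, are worth a second look when triaging an extracted image.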