Tags: forensics 

Question: When was the system audit policy last changed?

Flag Format: BDSEC{MM/DD/YEAR_Hour:Minute:Second_Am/PM}

Answer:

To find the “last system audit policy change”, we can use the event logs.

Let’s open Event Viewer and load the “Security.evtx” file.
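The same lookup can be scripted against the offline log instead of browsing it in Event Viewer. This is an added example, not part of the original writeup: it relies on Event ID 4719 ("System audit policy was changed"), and the `.\Security.evtx` path and the zero-padded 12-hour timestamp layout are assumptions.

```powershell
# Added example (not from the original writeup).
# Assumption: the exported log is at .\Security.evtx; pass -LogPath to override.
param([string]$LogPath = '.\Security.evtx')

# Event ID 4719 = "System audit policy was changed" in the Security log.
$AuditPolicyChangeId = 4719

try {
    # FilterHashtable filters inside the event log API, so the whole file
    # is not piped through Where-Object.
    $events = Get-WinEvent -FilterHashtable @{ Path = $LogPath; Id = $AuditPolicyChangeId } -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when nothing matches or the file is unreadable.
    Write-Error "No usable 4719 events in '$LogPath': $($_.Exception.Message)"
    return
}

# Sort explicitly instead of relying on the default newest-first order.
$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1

# Assumption: zero-padded 12-hour clock. The challenge only gives
# MM/DD/YEAR_Hour:Minute:Second_Am/PM, so adjust padding if the flag is rejected.
$fmt = 'MM/dd/yyyy_hh:mm:ss_tt'
$inv = [cultureinfo]::InvariantCulture

# TimeCreated is shown in the analyst machine's time zone, as in Event Viewer.
# Print UTC too, because the expected flag may use the source host's zone.
$local = $latest.TimeCreated
$utc   = $local.ToUniversalTime()

[pscustomobject]@{
    RecordId  = $latest.RecordId
    Computer  = $latest.MachineName
    LocalTime = $local.ToString($fmt, $inv)
    UtcTime   = $utc.ToString($fmt, $inv)
    TotalHits = @($events).Count
} | Format-List

# Dump the event's named data fields (who changed which audit subcategory).
([xml]$latest.ToXml()).Event.EventData.Data |
    ForEach-Object { '{0} = {1}' -f $_.Name, $_.'#text' }
```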

For more details, check out this blog: https://upadhyayraj.medium.com/bdsec-ctf-2023-write-up-ae6cbdbf160d

Original writeup (https://upadhyayraj.medium.com/bdsec-ctf-2023-write-up-ae6cbdbf160d).