Forensic Riddle #9c – Answer
The answer may surprise you (or not). It’s just a matter of adding an extra blank character at the end of the second ‘Riddle’ directory name, i.e. these are the ‘Riddle’ and ‘Riddle ’ directories respectively....
Forensic Riddle #9d – Answer
Windows Explorer uses desktop.ini files to customize the look and feel of each individual folder. Apart from the icon or image, it is also possible to modify the folder’s name by replacing it with a name...
Forensic Riddle #10 – Answer
Changing the file name did the trick. File names that are single characters are treated as drives; if we still want to read the file, we need to use the ‘.\’ prefix – see the screenshot for details: More...
Forensic Riddle #11 – Answer
The answer to #11 is simple – it was really an open-ended question, as it could be any executable file that is dependent on configuration, a config file, etc. I wanted to draw your attention to...
Forensic Riddle #12 – Answer
There are many answers to this one. For starters, consider the triplet A, W, UTF8 instead of the usual A, W in: DnsQueryExA, DnsQueryExUTF8, DnsQueryExW or DnsQuery_A, DnsQuery_UTF8, DnsQuery_W. Other examples...