Scenario

Our user "Hattori" has reported strange behavior on his computer and realized that some PDF files have been encrypted, including a critical document to the company named important_document.pdf. He decided to report it; since it was suspected that some credentials might have been stolen, the DFIR team has been involved and has captured some evidence. Join the team to investigate and learn how to get information from a memory dump in a practical scenario.

https://tryhackme.com/room/critical


1- Is the architecture of the machine x64 (64-bit)? Y/N

Y


Using the windows.info plugin, you will get the answers to the first three questions.

windows.info plugin: gets general information about the Windows operating system, such as the version, build number, system root, number of processors, and product type.

2- What is the version of the Windows OS?

10


3- What is the base address of the kernel?

0xf8066161b000

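As an added example (not part of the original write-up), the Python below parses the two-column table that windows.info prints and pulls out the three answers, cross-checking Is64Bit against the PE MachineType field so a wrong symbol table does not go unnoticed. The sample output is constructed: the three answered values match the write-up, the other rows are illustrative, and the dump filename memdump.raw is an assumption.

```python
# Constructed sample of `vol -f memdump.raw windows.info` output; not the
# page's real console output. The three values the room asks for match
# the write-up's answers, every other row is illustrative.
SAMPLE_OUTPUT = """Volatility 3 Framework 2.7.0
Variable\tValue
Kernel Base\t0xf8066161b000
DTB\t0x1ad000
Is64Bit\tTrue
IsPAE\tFalse
layer_name\t0 WindowsIntel32e
memory_layer\t1 FileLayer
Major/Minor\t15.19041
MachineType\t34404
KeNumberProcessors\t4
NtSystemRoot\tC:\\Windows
NtProductType\tNtProductWinNt
NtMajorVersion\t10
NtMinorVersion\t0
PE Machine\t34404
"""

IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 34404 decimal: the PE machine id for x64

def parse_windows_info(text):
    """Turn the two-column Variable/Value table into a dict, skipping the banner."""
    info = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue  # framework banner or progress line, not a table row
        key, value = line.split("\t", 1)
        if key != "Variable":  # column header
            info[key.strip()] = value.strip()
    return info

def answer_room_questions(info):
    """Derive Q1-Q3 and cross-check the architecture claim against two fields."""
    is64 = info["Is64Bit"] == "True"
    machine_is_x64 = int(info["MachineType"]) == IMAGE_FILE_MACHINE_AMD64
    if is64 != machine_is_x64:
        raise ValueError("Is64Bit and MachineType disagree: check the symbol table used")
    return {
        "x64": "Y" if is64 else "N",
        "version": int(info["NtMajorVersion"]),
        "kernel_base": hex(int(info["Kernel Base"], 16)),
    }

if __name__ == "__main__":
    print(answer_room_questions(parse_windows_info(SAMPLE_OUTPUT)))
```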