Means
Ability to Modify Cloud Resources
Access
Aiding and Abetting
Asset Control
Bluetooth
Bring Your Own Device (BYOD)
Clipboard
FTP Servers
Installed Software
Media Capture
Network Attached Storage
Physical Disk Access
Placement
Printing
Privileged Access
Removable Media
Screenshots
Sensitivity Label Leakage
SMB File Sharing
SSH Servers
System Startup Firmware Access
Unrestricted Software Installation
Unrevoked Access
Web Access
- ID: ME011
- Created: 25th May 2024
- Updated: 23rd June 2025
- Platforms: Windows, Linux, MacOS,
- Contributor: The ITM Team
Screenshots
A subject can take screenshots on a device.
Prevention
ID | Name | Description |
---|---|---|
PV001 | No Ready System-Level Mitigation | This section cannot be readily mitigated at a system level with preventive controls since it is based on the abuse of fundamental features of the system. |
Detection
ID | Name | Description |
---|---|---|
DT131 | Snipping Tool Cached Recordings | In Windows 11 the Snipping Tool utility, with default settings, saves screen recordings to the |
DT129 | Snipping Tool Cached Screenshots | In Windows 11 the Snipping Tool utility, with default settings, saves screenshots to the |
DT130 | Snipping Tool TempState\Snips | In Windows 11 the Snipping Tool utility, when the “Automatically save original screenshots” setting is manually toggled to disabled, will continue to save screenshots to the |