Detections
- Home
- - Detections
- -DT084
- ID: DT084
- Created: 25th July 2024
- Updated: 25th July 2024
- Platform: Windows
- Contributor: Ismael Briones-Vilar
TypedPaths
TypedPaths is a Windows registry key located at NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
. This key records the last 25 paths entered or pasted into the path bar of Windows File Explorer. By analyzing the entries within TypedPaths registry key, investigators can uncover information about recent access to network resources through Explorer.
Sections
ID | Name | Description |
---|---|---|
IF004.003 | Exfiltration via Personal NAS Device | A subject exfiltrates data using an organization-owned device (such as a laptop) by copying the data from the device to a personal Network Attached Storage (NAS) device, which is attached to a network outside of the control of the organization, such as a home network. Later, using a personal device, the subject accesses the NAS to retrieve the exfiltrated data. |