TFC CTF 2024
The challenge provided a log file containing some verbose events that I had noticed when dealing with the first forensics challenge; they were related to remote command executions in PowerShell, identified by Event ID 4104. The first notable event, dated 07-12-2024, included a reversed Base64 string.
