Threat actors may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.