• Challenge #2 - User Policy Violation Case

This is another digital forensics image that was prepared to cover a full Windows Forensics course. Hashes: here

You can use the image to learn the following:

1. File Carving, Custom Carving, and Keyword Searching
2. File System Forensics - NTFS
3. Deep Windows Registry Forensics: System and User Hives

• SYSTEM
• SOFTWARE
• SAM
• NTUSER.DAT
• USRCLASS.DAT

Other Windows Files: LNK, Jump Lists, Libraries, etcApplication Compatibility Cache (ShimCache)Analyzing Windows Search (Search Charm)Analyzing Thumb CachesAnalyzing Prefetch FilesAnalyzing Recycle Bin(s)USB ForensicsEvents AnalysisEmail Forensics: Web and OutlookBrowser Forensics: Internet Explorer and Google ChromeSkype Forensics

This image covers most if not all of the recent system artifacts that you might encounter. Let me know if you need any help or if you are an instructor and want the answers to each part of the case. I will only send the answers to verified instructors.

Due to lots of requests, I have decided to compile a manual or a book for the second image with Q&As to help you go through the challenge and solve every part of it. URLs and further explanations will be provided very soon. Stay tuned my friends and happy hunting ;)

End of Case.

comment

Reviews