Sunday, June 30, 2013

Daily Blog #7: Sunday Funday

Hello Reader,
       It's Sunday! Lenny Zeltser did quotes on Sundays, but I'll be honest, I don't do much quoting from famous people. So instead, let's have a contest. Every Sunday I'll be posting a question regarding digital forensics, and the first person to answer gets a prize. This week's contest will be easy; I didn't plan ahead enough to make it difficult :) The prize? A signed copy of the new book!

Rules: First person to comment with the most correct answer wins. Note I said most correct: if you think someone else only answered the question partway, you can go into further detail to win. Employees of G-C Partners, LLC are not eligible, as you already have a copy of the book.

I want to use Google+ comments for this for the time stamping, no funny business.

So the question: You have been given a forensic image of a Windows 7 system, and you have been requested to determine if an external drive has been plugged in. They want to know the following:
  • When was it first plugged in
  • When was it last plugged in
  • What other times was it plugged in
  • What files and directories were copied and/or accessed from the drive
In your answer, please list the artifacts and process you would follow to get this data.

You have until midnight PST (GMT -7) 6/30/13 to give it a try.

Good luck!