Saturday, August 17, 2013

Daily Blog #56: Sunday Funday 8/18/13

Hello Reader,
It's that time again, Sunday Funday time! For those not familiar, every Sunday I throw down the forensic gauntlet by asking a tough question. To the winner go the accolades of their peers and prizes hopefully worth the time they put into their answer. This week I am changing things up and letting the winner pick their choice of prizes!

The Prize:
The Rules:
  1. You must post your answer before Midnight PST (GMT -7)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed; please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post

The Challenge:

The suspect is believed to have taken source code from his past employer and made use of it in the development of a new product. For an Ubuntu Linux system (any modern version, 11 forward) where the user is using Gnome and CVS, answer the following:

1. Where would you look to see what devices had been connected?
2. Where would you look to see what files/directories had been accessed?
3. Where would you look for user activity related to source code development?

Good luck! I'm having fun switching up operating systems to expand the challenge to more participants! I'm looking to see who else out there is having fun with some mainly unknown Linux forensic artifacts.