Saturday, December 14, 2013

Daily Blog #175: Sunday Funday 12/15/13

Hello Reader,
It's Sunday and time for the gauntlet to be thrown down to those who are willing to sacrifice part of their day for a worthy prize. This week, if you watched the Forensic Lunch, you heard Yogesh Khatri talk about Windows 8 forensics, and I'm going to focus this week's challenge on Windows 8. In this challenge you will need to download and analyze some data, so I'm going to give you more time than usual.

The Prize:



The Rules:
  1. You must post your answer before Monday 12/16/13 1PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post

The Challenge:
You are analyzing a Windows 8.1 system and run across a lnk file in the suspect's Recent directory. The lnk file points to a website, but the suspect has denied accessing it. Analyze the lnk files and explain how a lnk file to a website will be created in a user's Recent folder in Windows 8.1.

Download the LNKs here:
https://drive.google.com/file/d/0B_mjsPB8uKOAU2cwZUM4aEpQV2c/edit?usp=sharing