Daily Blog #396: Sunday Funday 6/17/18 - Zone.Identifier Challenge

Zone.Identifier Challenge by David Cowen - Hacking Exposed Computer Forensics Blog



Hello Reader,
             We had a large number of great submissions last week and I hope we continue that trend this week! You will have a five days to try to complete this challenge now that answers are not due till Friday. Send in your answer as you have it and you are allowed to update your submission if you find new information.

Zone.Identifiers have come up on conversations recently both in my time teaching SANS FOR500 and in Phil Moore's recent tweets. Let's see what you know about them.


The Prize:

$100 Amazon Giftcard


The Rules:

  1. You must post your answer before Friday 6/22/18 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post



The Challenge:
Zone.Identifier alternate data streams have been around for awhile please answer the following questions.
1. What version of Windows introduced zone.identifier
2. What data is contained with in a zone.identifier
3. What sets the zone.identifier
4. what conditions causes them to be created
5. What are the limitations of zone.identifier


Post a Comment