Hello Reader,
It's Sunday! Time for another forensic challenge to get your minds revved up for another week of investigations. This week I have something of moderate difficulty, so I'm hoping a wider range of people will give this a try. As in prior weeks, the most complete answer wins; however, if two people have the same information and completeness, I will declare the one who commented fully first the winner. The prize this week? A Seagate Desktop Plus 4TB external drive with a USB3 dock, as seen here.
The Challenge:
The challenge? It's believed that a user account had an interactive login on a Windows Server 2008 R2 system. The suspect is thought to be a senior IT architect and may have used anti-forensic techniques to hide his activities. Please answer the following:
1. Where by default would you find evidence of an interactive login? Please list all locations.
2. What would you do to determine if anti-forensic methods were taken?
3. What would your next steps be?
The rules:
1. The most complete answer wins.
2. If you win, I need a shipping address and a name sent to me via email.
3. You have until midnight PST (GMT -7) on 7/14/13 to answer.
4. You are allowed to edit and update your answer.
5. If two answers are the same, the earlier answer wins.
Good luck!