Daily Blog #63: Sunday Funday 8/25/13
Hello Reader,
It's that time again, Sunday Funday time! For those not familiar every Sunday I throw down the forensic gauntlet by asking a tough question. To the winner go the accolades of their peers and prizes hopefully worth the time they put into their answer. This week I am changing things up and letting the winner pick their choice of prizes!
The Prize:
The Challenge:
It's that time again, Sunday Funday time! For those not familiar every Sunday I throw down the forensic gauntlet by asking a tough question. To the winner go the accolades of their peers and prizes hopefully worth the time they put into their answer. This week I am changing things up and letting the winner pick their choice of prizes!
The Prize:
- Winner's Choice A year license of Accessdata Triage (two left) or a Conference ticket to PFIC (last one!)
The Rules:
- You must post your answer before Midnight PST (GMT -7)
- The most complete answer wins
- You are allowed to edit your answer after posting
- If two answers are too similar for one to win, the one with the earlier posting time wins
- Be specific and be thoughtful
- Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
- In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post
The Challenge:
Two questions this week! Answer one or both for those over achievers:
Question 1:
Your client has a home computer running Windows 7 and uses Internet Explorer for his web access. He has switched jobs and is working on a competing product. An opposing expert has issued a report stating that your client must have accessed a website containing the new competing product earlier than the internet history shows because he found the same fragment of a page found in the unallocated space of a shadow copy he imaged. He is alleging that this earlier access shows he was working for the competitor before he quit his job.
Why is he wrong?
Question 2:
Your suspect has a new work computer running Windows 7 and uses Google Chrome to access the internet. He has switched companies and used to work for your client. You have found Google Chrome history that predates his employment at the new company that reflects accesses to your clients system.
Why is the activity there?
That does it for this week. I think this challenge should be more accessible to a wider breadth of people. Answer both questions and win both prizes!
Daily Blog #63: Sunday Funday 8/25/13
![]()
Reviewed by David Cowen
on
August 24, 2013
Rating:
No comments: