Daily Blog #98: Sunday Funday 9/29/13 - Detecting CCleaner Challenge

Detecting CCleaner Challenge by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
          It's Sunday Funday time again! I have some more images but I'm saving them for some bigger prizes, so this week be another scenario question. I was talking this week to the Texas Lawyer Technology Summit about spoliation so I thought that would be a fun topic for this weeks Sunday Funday.

The Prize:

  • Your chance to become a contributing author to the 3rd edition of hacking exposed computer forensics. Yeah you read that right, we are in the process of updating hacking exposed computer forensics, win this week and you'll get to update a chapter and be listed as a contributing author in the 3rd edition! How's that for a good prize?

The Rules:
  1. You must post your answer before Monday 9/30/13 2AM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
Your suspect has a Windows XP system and you evidence from the User Assist records that he ran CCleaner a month ago, but the count shows it has been run multiple times before. Write out what your methodology would be to determine:
  • If system cleaning took place
  • If wiping took place
  • What is now missing
 Good luck future co-author!

Also Read: Daily Blog #97 

Post a Comment