
Daily Blog #133: Sunday Funday 11/3/13

Hello Reader,
Another fun week. I got to speak at BSides DFW yesterday, reach out to our infosec brethren, and spread the good DFIR word. I gave a write blocker and a book as a door prize, and someone mentioned that a write blocker would be a very tempting Sunday Funday prize, so here we go! This week's challenge focuses on terminal services accesses and their artifacts.

The Prize:

The Rules:
  1. You must post your answer before Monday 11/4/13 2AM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post

The Challenge:
A shared Windows 2008 R2 terminal server was set up, allowing employees to work from home without requiring VPN access. On that server, several files used by a department suddenly got deleted and no one is taking responsibility. What would you do to determine what user deleted the files, with the assumption that they RDP'd in to do so?

Reviewed by David Cowen on November 02, 2013
