Hello Reader,
It's Sunday! Time for another forensic challenge to get your minds revved up for another week of investigations. This week I have something of moderate difficulty, so I'm hoping a wider range of people will give this a try. As in prior weeks, the most complete answer wins; however, if two people have the same information and completeness, I will declare the one who commented fully first the winner. The prize this week? A Seagate Desktop Plus 4TB external drive with a USB3 dock, as seen here.
The challenge? It's believed that a user account had an interactive login on a Windows Server 2008 R2 system. The suspect is thought to be a senior IT architect and may have used anti-forensic techniques to hide his activities. Please answer the following:
1. Where, by default, would you find evidence of an interactive login? Please list all locations.
2. What would you do to determine if anti-forensic methods were taken?
3. What would your next steps be?
The rules:
1. The most complete answer wins
2. If you win I need a shipping address and a name sent to me via email
3. You have until midnight PST (GMT -7) on 7/14/13 to answer
4. You are allowed to edit and update your answer
5. If two answers are the same the earlier answer wins
Good luck!