Digital Forensics Challenge - Save the Animals
Scenario:
The Toy Story Police Department (TSPD) is investigating a series of kidnappings. Baby stuffed animals are being kidnapped from their homes and sold on the international stuffed slave market. Sheriff Woody raided the office of the suspected ringleader. The Toy Story Incident Response (TSIR) team was able to perform data acquisition on found devices and computers. The suspect claims he is innocent and that any evidence found was planted on his computer. TSPD has also captured a laptop from one of the alleged stuffed animal buyers. Your job is to analyze the acquired data and answer the questions in the attached document so that Sheriff Woody can bust this evil stuffed slave market.
This is an inventory list of Product IDs of recently sold kidnapped stuffed animals:
Product_E1
Product_P1
Product_D1
Product_R1
Additional Evidence:
Hard Drive from suspect's computer = FlashEvidence.001
Packet Capture from activity on suspect's computer = Evidence_Pcap.pcapng
Registry from suspect's computer = SAM hive
Browser file from alleged buyer's laptop = j3uv3vkf.default
NOTE: You may need to find some information on the Internet but all evidence files needed are included in the Lab downloads folder. This is NOT a web exploitation exercise so please do not waste your time probing deep into website code.
Tips - SKIP this page if you do not want any direction on solving the challenge
#1 The challenge questions are in no specific order - you can start with any of the evidence and any question. However, some answers will not be reachable until other evidence is found. It's a process!
#2 The goal of the challenge is to provide practice in the following digital forensics techniques - included are some suggested tools to help with each technique. These are only suggestions; there are many other forensics tools that you may prefer to use.
Extracting information and files from a packet capture --- Possible tools: Wireshark, NetworkMiner
Retrieving deleted files --- Possible tools: The Sleuth Kit, Autopsy, FTK Imager
File carving fragmented files --- Possible tools: foremost, scalpel
Retrieving info from Browser files (Firefox) --- Possible tools: Firefox SQLite Manager Addon, SQLiteExpertPersonal, Nirsoft Browser tools. Note that if the browser had been Internet Explorer or Chrome, a different set of tools might be needed.
Extract info about a Windows computer from a Registry File --- RegRipper, Access Data Registry Viewer
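To show what the "file carving" technique above actually does, here is an added example (not part of the challenge materials, and not foremost or scalpel's own code) of signature-based carving: scan an image for known file headers, cut until the matching footer, and flag a hit whose footer never appears before the size cap or the end of the image. This is the contiguous case that foremost and scalpel handle by default; the signature table and the sample "disk image" are constructed here.

```python
"""Signature-based (header/footer) file carving over a raw image.
Added example; the signature table below is a small constructed subset of
what carving tools such as foremost ship in their configuration."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed signature table: file type -> (header bytes, footer bytes).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


@dataclass
class Carved:
    kind: str        # signature name that matched
    offset: int      # byte offset of the header in the image
    data: bytes      # carved bytes (header through footer, or up to the cap)
    truncated: bool  # True when no footer was found within max_size / image end


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list[Carved]:
    """Return every header hit in offset order, carving each to its footer.

    A header with no footer inside the window is still reported (truncated),
    because a partially overwritten file is itself evidence worth looking at.
    """
    results: list[Carved] = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            window_end = min(len(image), start + max_size)
            # Footer search begins after the header so an empty file is impossible.
            end = image.find(footer, start + len(header), window_end)
            if end < 0:
                results.append(Carved(kind, start, image[start:window_end], True))
                pos = start + len(header)  # keep scanning for later headers
            else:
                end += len(footer)
                results.append(Carved(kind, start, image[start:end], False))
                pos = end
    results.sort(key=lambda c: c.offset)
    return results


def build_sample_image() -> bytes:
    """Constructed image: slack, a complete JPEG, slack, a complete PNG, slack,
    then a JPEG header whose file was cut off by the end of the image."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xaeB`\x82"
    slack = b"\x00" * 16
    partial = b"\xff\xd8\xff\xe1" + b"T" * 12  # header present, footer missing
    return slack + jpg + slack + png + slack + partial


def demo() -> list[tuple[str, int, int, bool]]:
    """Carve the constructed image and summarise as (type, offset, size, truncated)."""
    return [(c.kind, c.offset, len(c.data), c.truncated) for c in carve(build_sample_image())]


if __name__ == "__main__":
    for kind, offset, size, truncated in demo():
        print(f"{kind}: offset={offset} size={size}{' (truncated)' if truncated else ''}")
```

Run against a real image (for example FlashEvidence.001 read with `open(path, "rb").read()`, or a memory-mapped file for large images) this reports the same triples a carving tool would, which is a useful cross-check on what foremost or scalpel recovered.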
#3 The challenge can be performed using Windows or Linux tools. For more practice, try doing each technique with a tool from each Operating System. *** The SIFT Workstation 3.0 is a simple way to access lots of Linux forensic tools. It can be downloaded as a Virtual Machine from https://digital-forensics.sans.org/blog/2014/03/23/sans-sift-3-0-virtual-machine-released#
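The "Browser files (Firefox)" technique comes down to querying the profile's SQLite databases; the following added example (not from the challenge and not from any of the tools named above) shows the history query a practitioner would run against places.sqlite, the conversion of Firefox's microsecond PRTime timestamps to UTC, and opening the evidence copy read-only so the examination never modifies it. The miniature profile database it builds is constructed and contains only the columns the query touches; the real moz_places and moz_historyvisits tables have more.

```python
"""Browsing history from a Firefox profile's places.sqlite.
Added example; the sample database is constructed with a reduced schema."""
from __future__ import annotations

import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def prtime_to_utc(micros: int) -> str:
    """Firefox stores visit_date as microseconds since the Unix epoch (PRTime)."""
    dt = datetime.fromtimestamp(micros / 1_000_000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")


# Real table and column names from the Firefox places schema.
HISTORY_SQL = """
SELECT v.visit_date, p.url, p.title
FROM moz_historyvisits AS v
JOIN moz_places AS p ON p.id = v.place_id
ORDER BY v.visit_date
"""


def history(places_db: Path) -> list[tuple[str, str, str]]:
    """Return (utc timestamp, url, title) for every recorded visit, oldest first."""
    # mode=ro: never write to the evidence copy (and never create -wal/-journal files).
    con = sqlite3.connect(f"file:{places_db.as_posix()}?mode=ro", uri=True)
    try:
        rows = con.execute(HISTORY_SQL).fetchall()
    finally:
        con.close()
    return [(prtime_to_utc(ts), url, title or "") for ts, url, title in rows]


def build_sample_profile(profile_dir: Path) -> Path:
    """Constructed miniature places.sqlite (assumed values, reduced schema)."""
    db = profile_dir / "places.sqlite"
    con = sqlite3.connect(db)
    con.executescript(
        """
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
                                        visit_date INTEGER, visit_type INTEGER);
        INSERT INTO moz_places VALUES (1, 'http://example.test/market', 'Market listing');
        INSERT INTO moz_places VALUES (2, 'http://example.test/listing/42', NULL);
        -- 2015-01-01 00:00:00 UTC and one hour later, in microseconds
        INSERT INTO moz_historyvisits VALUES (1, 1, 1420070400000000, 1);
        INSERT INTO moz_historyvisits VALUES (2, 2, 1420074000000000, 2);
        """
    )
    con.commit()
    con.close()
    return db


def demo() -> list[tuple[str, str, str]]:
    """Build the constructed profile in a temporary directory and query it."""
    with tempfile.TemporaryDirectory() as tmp:
        return history(build_sample_profile(Path(tmp)))


if __name__ == "__main__":
    for when, url, title in demo():
        print(f"{when}  {url}  {title}")
```

Point `history()` at a copy of `places.sqlite` taken from the profile directory (such as j3uv3vkf.default) to list its visits; the same pattern, with a different table, covers cookies.sqlite and formhistory.sqlite.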