Digital Forensics Challenge Save the Animals Scenario
Yüklə 39,94 Kb.
|
1 2
DigForSaveTheAnimals Instructions- Bu səhifədəki naviqasiya:
- Your job is to analyze the acquired data and answer the questions in the attached document so that Sheriff Woody can bust this evil stuffed slave market.
- Digital Forensics Challenge - Save the Animals
|
Digital Forensics Challenge - Save the Animals Scenario: The Toy Story Police Department (TSPD) is investigating a series of kidnappings. Baby stuffed animals are being kidnapped from their homes and sold on the international stuffed slave market. Sheriff Woody raided the office of the suspected ringleader. The Toy Story Incident Response (TSIR) team was able to perform data acquisition on found devices and computers. The suspect claims he is innocent and that any evidence found was planted on his computer. TSPD has also captured a laptop from one of the alleged stuffed animal buyers. Your job is to analyze the acquired data and answer the questions in the attached document so that Sheriff Woody can bust this evil stuffed slave market. This is an Inventory list of Product IDs of recently sold kidnapped stuffed animals Product_E1 Product_P1 Product_D1 Product_R1 Additional Evidence: Hard Drive from suspect's computer = FlashEvidence.001 Packet Capture from activity on suspect's computer = Evidence_Pcap.pcapng Registry from suspect's computer = SAM hive Browser file from alleged buyer's laptop = j3uv3vkf.default NOTE: You may need to find some information on the Internet but all evidence files needed are included in the Lab downloads folder. This is NOT a web exploitation exercise so please do not waste your time probing deep into website code. Digital Forensics Challenge - Save the Animals Tips - SKIP this page if you do not want any direction on solving the challenge #1 The challenge questions are in no specific order - you can start with any of the evidence and any question. However, some answers will not be reachable until other evidence is found. It's a process! #2 The goal of the challenge is to provide practice in the following digital forensics techniques - included are some suggested tools to help with each technique. These are only suggestions, there are many other forensics tools that you may prefer to use. Analyze file metadata --- Possible tools: exiftool, Jeffrey's Exif viewer website Extracting information and files from a packet capture --- Possible tools: Wireshark, NetworkMiner Retrieving deleted files --- Possible tools: The Sleuth Kit, Autopsy, FTK Imager File carving fragmented files --- Possible tools: foremost, scalpel Retrieving info from Browser files (Firefox) === Possible tools: Firefox SQLite Manager Addon, SQLiteExpertPersonal, Nirsoft Browser tools. Note that if the browser had been Internet Explorer or Chrome, a different set of tools might be needed. Extract info about a Windows computer from a Registry File --- RegRipper, Access Data Registry Viewer #3 The challenge can be performed using Windows or Linux tools. For more practice, try doing each technique with a tool from each Operating System. *** The SIFT Workstation 3.0 is an simple way to access lots of Linux forensic tools. It can be downloaded as a Virtual Machine from https://digital-forensics.sans.org/blog/2014/03/23/sans-sift-3-0-virtual-machine-released# Digital Forensics Challenge - Save the Animals Yüklə 39,94 Kb. Dostları ilə paylaş:
|
1 2