Challenge #10 - Meeting Location Case
- E01 for the drive could be found: here
- Deliverable #1: Where is the Evidence?
You need to find answers with explanations to the following:
- What is Max using to hide his activity?
- Find and restore the methods/tools/techniques/etc that he is using. Note: This might require data recovery/carving
- Deliverable #2: Where are they Meeting?
After you have found the methods that Max has been using to hide his tracks, you are required to:
- Find out what Max was searching for based on analyzing the browser history.
- We believe that Max received the information about the meeting location in an encrypted file. Search for that file and after decrypting the file (if needed), determine the meeting location.
- What was the name of the file that has the meeting location?
- From where did Max get the meeting location (URL, chat, email, etc)?
- Deliverable #3: Reflection
Reflect on what you learned from this case.
- For more detailed instructions, please check this case under cases at here
Our suspect Max, seems to be part of a foreign intelligence group and our intelligence team has been tracking him for months now. It seems Max has agreed to meet with an unknown party at some location. After Max left his apartment, we were able to acquire an image of his system. Unfortunately, when we did our investigation, we did not find anything. We are sure that Max has no other system and this is the only system he uses. We need your help with this investigation. The faster you are able to retrieve the info, the quicker we will be able to stop their next operations.
End of Case.