Challenge #2 - User Policy Violation Case

  • Challenge #2 - User Policy Violation Case

    • This is another digital forensics image that was prepared to cover a full Windows Forensics course.

    1. System Image: here
    2. Hashes & Password: here
    3. Other download URLs from (Archive.org) could be found here: here
    You can use the image to learn the following:
    1. File Carving, Custom Carving, and Keyword Searching
    2. File System Forensics - NTFS
    3. Deep Windows Registry Forensics: System and User Hives
      • SYSTEM
      • SOFTWARE
      • SAM
      • NTUSER.DAT
      • USRCLASS.DAT
    4. Other Windows Files: LNK, Jump Lists, Libraries, etc
    5. Application Compatibility Cache (ShimCache)
    6. Analyzing Windows Search (Search Charm)
    7. Analyzing Thumb Caches
    8. Analyzing Prefetch Files
    9. Analyzing Recycle Bin(s)
    10. USB Forensics
    11. Events Analysis
    12. Email Forensics: Web and Outlook
    13. Browser Forensics: Internet Explorer and Google Chrome
    14. Skype Forensics

    This image covers most if not all of the recent system artifacts that you might encounter. Let me know if you need any help or if you are an instructor and want the answers to each part of the case. I will only send the answers to verified instructors.

    End of Case.

Post a Comment