You will be given a victim’s claim. You will analyze a single disk image from the victim’s server. You will need to generate investigation hypotheses and find evidence to support or deny your hypotheses. Deliverables will be your 1) documentation and 2) forensic analysis report.
You can complete this assignment completely in Autopsy, but you are welcome to use any tools you want. Just make sure you document them.
A company has approached you because they believe someone is stealing information from their computers. They claim that proprietary information was released online, but are not sure how it was taken over their network.
The company has provided an image of their main server that stored the proprietary information. They are seeking your help in understanding what happened.
You can use the blow google drive link to download the victim server image (3GB).
- Investigation documentation (PDF)
- Investigation report (PDF)
Let me know if you have any questions.