Our Scenarios

Guilty Or Not Guilty 1

Detailed Description

The xxXxx company dismissed one of its IT employees for his misconduct and as a result of the delays of HR manager in sending an e-mail to all departments of the company, this employee was been in the server room the next day after the Christmas and using a flash memory he dragged files from the main server of the company and fortunately the security manager reviewed the CCTV monitoring systems of the company and noted the presence of this employee on a vacation day also he has been found a USB Flash memory with two files inside mc.mem, and tst.vmem and report that to the chairman . As you are the CSO of the company, Mr. Chairman asked you to ensure the conviction of that employee before taking legal actions by examining the digital evidence available in those two files.

Technical Description

The scenario contain a windows 7 machine with the Volatility setup. The forensic images and Volatility are stored on the Desktop

Expected Outcome

Your task is to make a simple chain of custody of these images. Since you have no prior information about the image you must use the suitable command to check what is the suggested profile for each image.