The xxXxx company dismissed one of its IT employees for his misconduct and as a result of the delays of HR manager in sending an e-mail to all departments of the company, this employee was been in the server room the next day after the Christmas and using a flash memory he dragged files from the main server of the company and fortunately the security manager reviewed the CCTV monitoring systems of the company and noted the presence of this employee on a vacation day also he has been found a USB Flash memory with two files inside mc.mem, and tst.vmem and report that to the chairman . As you are the CSO of the company, Mr. Chairman asked you to ensure the conviction of that employee before taking legal actions by examining the digital evidence available in those two files.
The scenario contain a windows 7 machine with the Volatility setup. The forensic images and Volatility are stored on the Desktop
Your task is to make a simple chain of custody of these images. Since you have no prior information about the image you must use the suitable command to check what is the suggested profile for each image.
- TIME60 MINUTES
- COST10 CRYSTALS