NIST Data Leakage

This lab requires forensic investigation into a possible data leakage at NIST. It requires identification of evidence of data leakage and data generated from the suspect’s electronic devices. Also provided are some questions about the results of the investigation.

NIST Answers

This is a .pdf file that provides a detailed description of the scenario for this case. It includes the details and results of  the forensic investigation. Also included are questions concerning this lab and the corresponding answers.

NIST Data Leakage 00_Env_Setting

In this case, the software kali will be used during the investigation and a DD image for the NIST data leakage case will be provided. The slides provide an overview on the extraction of registry files, prefetch event logs and security event logs.

NIST Data Leakage 01_Registry

This case provides a more in depth analysis of the process to investigate a Windows registry. Included are instructions on how to navigate the Windows registry.

NIST Data Leakage 02_WinEvt_XML

This PowerPoint helps answer question twelve by going over the steps of retrieving and analyzing security event logs. It also discusses the process of analyzing .xml documents and provides some practice exercises. 

NIST Data Leakage 03_WebHistory_SQL

The details of a forensic investigation into the web browsers used by the suspect are included in these slides. Guidance on how to answer questions 13 to 17 is also provided. 

NIST Data Leakage 04_Email_USB

This case discusses the steps to a forensic investigation of the suspect’s email exchange as well as the storage devices attached to their PC. The steps taken to provide the answers to questions 18 to 22 are explained.

NIST Data Leakage 05_USNJournaling

This case discusses the USN journal. It provides an introduction on the method of forensic investigation and information extraction. It also provides a comparison between USN journal and NTFS file system journaling. Question 23 is discussed here.

NIST Data Leakage 06_Network_Shellbag_Jumplist

This discusses the different methods of finding the IP address of a shared network drive. It details the process of examining Shellbags and Jumplists in relation to the forensic investigation. Questions 24 to 26 are discussed here.

NIST Data Leakage 07_NetworkDrive_Shellbag

This case discusses the process of searching Link files for a forensic investigation. It goes over the process of searching the company’s shared network drive. Then introduces the steps needed to find traces related to cloud services, like Google drive, on the target’s PC. Questions 27 to 31 are discussed in these slides.

NIST Data Leakage 08_CD_$MFT

Forensic investigation cases regarding data leakage and CD-R are discussed here. It reviews the method to search for files sent to and retrieved from a CD-R. It also introduces transaction records. Questions 32 to 35 are discussed in these slides.

NIST Data Leakage 09_Win_searchDB_csvsql

This case reviews the steps to be taken to investigate the Thumbnail and Sticky notes files. The procedure for investigating the Windows Search Database is also introduced. Questions 36 to 46 are discussed in these slides.

NIST Data Leakage 10_Vol_Shadow

This details the process of handling Volume Shadow Copies in a forensic investigation. The steps taken to search Google Drives for deleted files is included. Images of Volume Shadow Copies are also searched. Questions 47 to 50 are reviewed.

NIST Data Leakage 11_RecycleBin_AntiForensics

This case reviews the steps to be taken to search and recover data from the Recycle Bin on a PC. It also discusses how to investigate if anti-forensic measures are taken on a PC. Questions 51 to 52.7 are discussed in these slides.

NIST Data Leakage 12_CD-R_Data_Carving

This case introduces the method of handling data recovery and data carving. It details the process of recovering deleted files, handling Orphanfiles, and carving CD-R. It also includes the process of searching for hidden files and strings. Questions 53 to 57 are reviewed.

NIST Data Leakage 13_Crack_Win10_Login_Password

This slide introduces the methods of cracking Windows’ passwords for investigation purposes; it includes a three part plan.

Forum Search

Partners & Sponsors
  • University of Baltimore
  • Towson University
  • Bureau of Justice Assistance
  • National Science Foundation
LATEST FORUM POSTS
Test post2

Test Post2

By Demo User12, 1 year ago

Finding internships

Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...

By AP Malla, 1 year ago

Beginner network forensic investigation

How should I approach network forensic? Would you recommend learning tools like WireShark?

By AP Malla, 1 year ago

Cyber Forensic Employment: High level guidelines

Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...

By AP Malla, 1 year ago

LATEST FORUM POSTS