NIST Data Leakage
This lab requires forensic investigation into a possible data leakage at NIST. It requires identification of evidence of data leakage and data generated from the suspect’s electronic devices. Also provided are some questions about the results of the investigation.
NIST Answers
This is a .pdf file that provides a detailed description of the scenario for this case. It includes the details and results of the forensic investigation. Also included are questions concerning this lab and the corresponding answers.
NIST Data Leakage 00_Env_Setting
In this case, the software kali will be used during the investigation and a DD image for the NIST data leakage case will be provided. The slides provide an overview on the extraction of registry files, prefetch event logs and security event logs.
NIST Data Leakage 01_Registry
This case provides a more in depth analysis of the process to investigate a Windows registry. Included are instructions on how to navigate the Windows registry.
NIST Data Leakage 02_WinEvt_XML
This PowerPoint helps answer question twelve by going over the steps of retrieving and analyzing security event logs. It also discusses the process of analyzing .xml documents and provides some practice exercises.
NIST Data Leakage 03_WebHistory_SQL
The details of a forensic investigation into the web browsers used by the suspect are included in these slides. Guidance on how to answer questions 13 to 17 is also provided.
NIST Data Leakage 04_Email_USB
This case discusses the steps to a forensic investigation of the suspect’s email exchange as well as the storage devices attached to their PC. The steps taken to provide the answers to questions 18 to 22 are explained.
NIST Data Leakage 05_USNJournaling
This case discusses the USN journal. It provides an introduction on the method of forensic investigation and information extraction. It also provides a comparison between USN journal and NTFS file system journaling. Question 23 is discussed here.
NIST Data Leakage 06_Network_Shellbag_Jumplist
This discusses the different methods of finding the IP address of a shared network drive. It details the process of examining Shellbags and Jumplists in relation to the forensic investigation. Questions 24 to 26 are discussed here.
NIST Data Leakage 07_NetworkDrive_Shellbag
This case discusses the process of searching Link files for a forensic investigation. It goes over the process of searching the company’s shared network drive. Then introduces the steps needed to find traces related to cloud services, like Google drive, on the target’s PC. Questions 27 to 31 are discussed in these slides.
NIST Data Leakage 08_CD_$MFT
Forensic investigation cases regarding data leakage and CD-R are discussed here. It reviews the method to search for files sent to and retrieved from a CD-R. It also introduces transaction records. Questions 32 to 35 are discussed in these slides.
NIST Data Leakage 09_Win_searchDB_csvsql
This case reviews the steps to be taken to investigate the Thumbnail and Sticky notes files. The procedure for investigating the Windows Search Database is also introduced. Questions 36 to 46 are discussed in these slides.
NIST Data Leakage 10_Vol_Shadow
This details the process of handling Volume Shadow Copies in a forensic investigation. The steps taken to search Google Drives for deleted files is included. Images of Volume Shadow Copies are also searched. Questions 47 to 50 are reviewed.
NIST Data Leakage 11_RecycleBin_AntiForensics
This case reviews the steps to be taken to search and recover data from the Recycle Bin on a PC. It also discusses how to investigate if anti-forensic measures are taken on a PC. Questions 51 to 52.7 are discussed in these slides.
NIST Data Leakage 12_CD-R_Data_Carving
This case introduces the method of handling data recovery and data carving. It details the process of recovering deleted files, handling Orphanfiles, and carving CD-R. It also includes the process of searching for hidden files and strings. Questions 53 to 57 are reviewed.
NIST Data Leakage 13_Crack_Win10_Login_Password
This slide introduces the methods of cracking Windows’ passwords for investigation purposes; it includes a three part plan.
Forum Search
Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...
By AP Malla, 11 months ago
How should I approach network forensic? Would you recommend learning tools like WireShark?
By AP Malla, 11 months ago
Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...
By AP Malla, 12 months ago
