Introduction to Digital Forensics

Can anyone help me and throw me some hints on how to solve the skill assessments of the “Introduction to Digital Forensics”?
I gathered the logs and browsed through the “Sysmon.evtx” using PowerShell and Event Viewer.
I was only able to solve the 1st question!

For the second, you should check not only the Velociraptor outputs.
I am stuck at the 3rd; I found the registry key but it is disabled. If you can share some tips or a hint, that would be nice.
For the 4th, you should check the local machine.
And on the 5th you can find the answer in Velociraptor.

I finally figured them out.
For the 3rd question, check the machine itself using the “Windows Persistence Artifacts” section in “Windows Forensic Overview” as your guide.

Can you provide a nudge?

On the Practical Digital Forensics Scenario section at question number 1, can anyone give me a hint? I dumped the memory contents on pid 6744 using the memmap plugin but still didn’t have the answer.

If you’re feeling stuck, don’t hesitate to reach out to the community or your peers for additional insights and hints. Collaboration can often lead to breakthroughs in solving complex challenges.
Additionally, seeking guidance from experts in the field can provide valuable perspectives and strategies. You might find the services of this digital forensics consultant and expert witness beneficial: https://corporateinvestigation.com/digital-forensics-consultant-expert-witness/ . Their expertise could offer valuable guidance tailored to your specific needs.

If you are still stuck, check other volatility plugins which could reveal valuable information. Don’t hesitate to PM me if really stuck.

Nevertheless, I’m also stuck, but I found the tool from the PowerSploit repository which is used but am unable to validate the answer … Tried both with the script's full name and without the extension; neither works. Can anyone give me a hint?