Premise
In this video walkthrough, we covered Disk analysis and forensics using Autopsy. We extracted forensic artifacts about the operating system and uses.
Room Introduction – Disk Analysis & Autopsy
Ready for a challenge? Use Autopsy to investigate artifacts from a disk image.
Room Link: https://tryhackme.com/room/autopsy2ze0
Room Answers
What is the computer account name?
List all the user accounts. (alphabetical order)
Who was the last user to log into the computer?
What was the IP address of the computer?
What was the MAC address of the computer? (XX-XX-XX-XX-XX-XX)
Name the network cards on this computer.
What is the name of the network monitoring tool?
A user bookmarked a Google Maps location. What are the coordinates of the location?
A user has his full name printed on his desktop wallpaper. What is the user’s full name?
A user had a file on her desktop. It had a flag but she changed the flag using PowerShell. What was the first flag?
The same user found an exploit to escalate privileges on the computer. What was the message to the device owner?
2 hack tools focused on passwords were found in the system. What are the names of these tools? (alphabetical order)
There is a YARA file on the computer. Inspect the file. What is the name of the author?
One of the users wanted to exploit a domain controller with an MS-NRPC based exploit. What is the filename of the archive that you found? (include the spaces in your answer)
