Forensic Cases 💞

A Study in Black

Someone has violated corporate policy by watching porn using the corp PC. Do you have the authority?

Case 1. IP Theft Linux Investigation

Nearly all of the IP (intellectual property) has been recreated by a competitor. Investigate the development machine.

Case 3. Yet Another Linux Investigation

Running netstat shows a weird Python script with an established connection to some remote host. Grab the executable: lsof -p 2082 and ps aux | grep 2082.

Case 4. Compromised Apache Server

A compromised Apache web server with a Drupal application used for the local team. Some unusual activity was noticed between 05/10 and 08/10/19.

Case 5. Kali Linux Data Exfiltration

IP theft, and a Kali Linux system is suspected. Has the user exfiltrated pictures or documents?