Forensic Cases 💼

A Study in Black

Someone has violated corporate policy by watching porn using the corp PC. Do you have the authority?

Nearly all IP (intellectual property) are recreated by a competitor. Investigate the development machine

Running netstat, see the weird python script with established connection to some remote host: Grab the executable: lsof -p 2082 and ps aux grep 2082.

Compromised Apache Web server with drupal application used for local team. There was some unusual activity noticed between 05/10 and 08/10/19.

IP theft and Kali Linux is a suspect. Has the user exfiltrated pictures or documents?