
[DFIR] 306 - Event Logs (incomplete)

Year: 2020
CTF Name: Digital Forensics Challenge
Category: DFIR
Type: Artifact Analysis

1. Description

The attacker downloaded the credential dump tool and then tried to dump the user's credentials. How did the attacker download the credential dump tool?

2. Write up

2-1. List all files opened with MS Office. (20 points)

IR300 - Attacker Behavior Analytics.docx
Timeline.xlsx
Hindsight_output.xlsx
test.csv
victim_timeline.xlsx
BrowsingHistory.csv

2-2. Where did the attacker save the downloaded credential dump tool to the system? (Full Path) (40 points)

Answer:

2-3. What command did the attacker use to download the credential dump tool? (20 points)

Answer: