16. Exercise Solution: Digital Forensics

Your team just received a tip reporting a potential crime plot. One of the culprits involved used the Windows 10 machine in your lab environment last week, and you've been given permission to investigate. Explore the evidence the culprit left behind to try to piece together the kind of crime they were planning. Where are they planning the crime? What materials might they be collecting in preparation?

As at physical crime scenes, criminals often leave behind tons of digital clues that can help shed light on criminal activity. Start by looking at obvious digital remnants such as search history across the various browsers on the computer. Look at file download history. Check for auto-login accounts that the user may still be signed in to. Look at recently deleted information. These are basic starting points. More advanced tools can be used to find hidden rootkits, carve out deleted files, pull metadata from images, and more.

In this exercise, after checking those items you can conclude that they are planning a bank robbery. From the clues in the web browser search history you can find the exact geolocation of the bank they plan to rob. You can also find the kinds of masks they might be wearing based on bookmarks. In the search history you may also realize that they are preparing to take hostages, and more.
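The search-history and download checks above can be scripted into a single timeline. This added example is not part of the original exercise: it assumes a Chromium-based browser (Chrome or Edge), whose `History` file is a SQLite database with `urls`, `keyword_search_terms` and `downloads` tables. The rows, URLs and file path are constructed sample data standing in for a working copy of that file.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(us):
    # Chromium stores timestamps as microseconds since 1601-01-01 UTC
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def utc_to_webkit(dt):
    # Integer division avoids float rounding at this magnitude
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def build_sample_history():
    # Constructed stand-in for a copied History file; only the columns used below
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, last_visit_time INTEGER);
        CREATE TABLE keyword_search_terms (keyword_id INTEGER, url_id INTEGER, term TEXT);
        CREATE TABLE downloads (id INTEGER PRIMARY KEY, target_path TEXT, start_time INTEGER, tab_url TEXT);
    """)
    def t(day, hour):
        return utc_to_webkit(datetime(2024, 3, day, hour, tzinfo=timezone.utc))
    conn.executemany("INSERT INTO urls VALUES (?,?,?,?)", [
        (1, "https://search.example/?q=bank+opening+hours", "bank opening hours", t(4, 9)),
        (2, "https://search.example/?q=costume+masks", "costume masks", t(5, 14)),
        (3, "https://search.example/?q=weather", "weather", t(1, 8)),
    ])
    conn.executemany("INSERT INTO keyword_search_terms VALUES (?,?,?)", [
        (2, 1, "bank opening hours"), (2, 2, "costume masks"), (2, 3, "weather"),
    ])
    conn.execute("INSERT INTO downloads VALUES (1, ?, ?, ?)",
                 (r"C:\Users\labuser\Downloads\map.pdf", t(4, 10), "https://maps.example/area"))
    return conn

def timeline(conn, since):
    """Merge searches and downloads at or after `since` into one UTC-ordered list."""
    rows = conn.execute("""
        SELECT u.last_visit_time, 'search', k.term
          FROM keyword_search_terms k JOIN urls u ON u.id = k.url_id
         WHERE u.last_visit_time >= :c
        UNION ALL
        SELECT start_time, 'download', target_path FROM downloads WHERE start_time >= :c
        ORDER BY 1""", {"c": utc_to_webkit(since)}).fetchall()
    return [(webkit_to_utc(ts).isoformat(), kind, detail) for ts, kind, detail in rows]

if __name__ == "__main__":
    for event in timeline(build_sample_history(), datetime(2024, 3, 3, tzinfo=timezone.utc)):
        print(*event, sep="  ")
```

On real evidence, run the same query against a copy of the `History` file taken from the forensic image, opened read-only, so the original artifact is never modified.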