Category: Forensics
Difficulty: Medium
Author: TheDone*#2152
Acme Inc. has found that its internal files have been leaked to several successful phishing attacks.
A new shared workstation recently had company files copied onto the disk for use in the office and needs to be analysed.
DFIR specialists have found no evidence on other machines and need your help to investigate this workstation.
Since COVID-19 has closed the office, find the forensic image here - https://mirror.aarnet.edu.au/pub/DownUnderCTF/