WASTC: Computer Forensics

Summer 2023 Sam Bowne

Projects

Autopsy User Documentation

Setup

H 101-4: Binary Games (20 pts.)
F 60: Cloud Server on Azure (15 pts)
D 11: Chrome Remote Desktop (10 pts extra)
D 12: SSH Tunnel (10 pts extra)
ED 32: Windows 10 Virtual Machine (15 pts extra)

Using Autopsy

F 200: Examining a Forensic Image with Autopsy (15 pts.)
F 201: Rhino Hunt with Autopsy (15 pts + 10 extra)
F 202: Rhino Hunt with Wireshark (15 pts + 15 extra)
F 210: Memory Analysis with Autopsy (15 pts + 30 extra)
F 220: Capturing and Examining the Registry (15 pts)
F 221: Examining a Windows Disk Image (25 pts extra)
M 140: Android Studio Emulator (15 pts extra)
M 142: Rooting Android Studio's Emulator (15 pts extra)
M 143: Forensic Acquisition from Android (15 pts extra)
M 144: Android Analysis with Autopsy (10 pts)
F 230: iPhone Analysis with Autopsy (20 pts)
F 231: Scanning an iPhone Backup for Malware (15 pts extra)

Other Tools

H 420: Wireshark (110 extra)
F 211: Memory Forensics of LastPass and Keeper (25 extra)

IR 100: Windows and Linux Machines (20 pts extra)
IR 371: Velociraptor Server on Linux (25 pts extra)
IR 372: Investigating a PUP with Velociraptor (40 pts extra)
IR 373: Investigating a Bot with Velociraptor (50 pts extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 pts extra)

Boss of the SOC v1: Threat Hunting with Splunk (325 pts)

Updated: 6-19-23 8:22 am