Friday, December 18, 2020

Digital Forensics: Belkasoft Evidence Center X Challenge


Prerequisites:

1. Install Belkasoft Evidence Center X (request a trial version at https://belkasoft.com/get).

Make sure you choose to install the sample data image during the product installation.

2. Create a new case

3. Add "samples.E01" as an image. The path to the file looks like "C:\Program Files\Belkasoft Evidence Center x64 10.0\Sample Data".

4. Settings:

- Analysis type: everything except "Snapshots"

- Carving type: select "Carve free space"

- Artifacts: make sure all types are selected

- Media: select "Faces" and "Text (English)"

- Encryption: search for encrypted files and volumes

5. Enter the passwords for the iPhone backup, Chrome and WeChat. Find them in C:\Program Files\Belkasoft Evidence Center x64 10.0\Sample Data\Passwords.


The challenge questions.

1. How did the picture “Gun_9mm.png” get into the data source?

  • Mailboxes


2. How many Cookies records have been found for the “youtube.com” host?

3. What is the geolocation data (Latitude, Longitude) for the point “Aviaticka, 16108 Praha 6, Czech Republic”?



4. How many pictures are taken by iPhone 4? (Hint: use filters in List View)


5. What is “Date and time of original data generation” of “iphone_London.jpg”?

6. Which pictures contain guns? (Hint: if you have a full-featured license of Belkasoft X,

7. What types of files are found within the following date range: 01/01/2013-31/12/2013?

8. What is the database size for “live%003a.cid.5240e092bf788b59” Skype account?


9. What is the complexity of decrypting the document “protected2.pdf”?


10. How long was the first sleeping period of Detective Blore on 11/15/2018 according to MiFit records?
4 hours 37 minutes

11. What famous composer is mentioned in the case key dictionary?

12. Look for an address containing “Westminster” in conversations. What is the full address?

13. What Wi-Fi network was connected on 9/23/2016?

14. Who is the sender of an email, containing a California Zip code?

website@tesla.com

15. What phone numbers does Professor have in his iPhone WhatsApp address book? (Hint: check it in ContactsV2.sqlite, using built-in SQLite Viewer. Find the database using “Show in File System” option)

+7 (953) 164-62-91

First steps with Belkasoft X



Ref: More useful information for you:
1) Belkasoft tutorials at https://belkasoft.com/tutorials
2) Belkasoft User Reference in your Belkasoft product and at https://belkasoft.com/downloads/info/Evidence%20Center%20Help.pdf

Note: The content on this website is provided for informational and educational purposes only.


* If any of the information contains errors, I apologize here. Please notify the Admin so that it can be corrected.
Thank you.

#WindowsForensic #computerforensic #ComputerForensics #dfir #forensics
#digitalforensics #investigation #cybercrime #fraud
