WINDOWS FORENSICS

Posted May 28, 2024

By Margaret Githinji 1 min read

WALKTHROUGH

A windows machine has been hacked, its your job to go investigate this windows machine and find clues to what the hacker might have done.

Challenge Question:

Whats the version and year of the windows machine? Answer: Windows Server 2016

Q2 Which user logged in last? Answer:Administrator Challenge Question: When did John log onto the system last? Answer: 03/02/2019 5:48:32 PM Challenge Question: What two accounts had administrative privileges (other than the Administrator user)?

command net localgroup administrator

Answer: Jenny, Guest Challenge Question: When did Jenny last logon? Answer: Never

FORENSICS

This post is licensed under CC BY 4.0 by the author.