InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


TryHackMe writeup: Digital Forensics Case B4DM755

Aleksey
Published in InfoSec Write-ups
15 min read · Mar 29, 2024

Digital forensics and incident response (DFIR) are the art and science of reconstructing past events: what happened during a computer system’s operation, and in what order. The discipline has proven useful in solving engineering problems, detecting threats against an individual or organisation, and even bringing criminals to justice. In this article, I document the experience I gained acting as a “first responder” in a hypothetical computer forensics case from a TryHackMe room.

Base Image: eBay (n.d.).

Contents at a glance

  1. Background
  2. Procedure
  3. Discussion
  4. Conclusion
  5. References

Background

The Digital Forensics Case B4DM755 TryHackMe room (“tryhackme” and “Orzykf”, 2023) gives its users a fictitious digital forensics case to practise on. The room’s stated objectives are for users to learn about the chain of custody, to practise using the FTK Imager (n.d.) tool to image a non-volatile storage medium, and to analyse the resulting image for use in a hypothetical legal case.

Background information

Task 2 introduces case #B4DM755 — an investigation into the fictitious crime of corporate espionage, specifically theft of trade secrets. The suspect is William Super McClean, a British national who recently fled to Metro Manila — the largest urban area in the Philippines. An informant gave the law enforcement agency investigating case #B4DM755 the context in which the crime was committed, along with information about a possible transaction between McClean and a Metro Manila gang member.

Task 4 further elaborates: when law enforcement attempted to apprehend McClean at an apartment, they found that they were too late and that the transaction between him and the gang member may have already taken place. Law enforcement was, however, able to seize a non-volatile flash drive attached to a key chain bearing the initials “WSM”.

This room has me playing the role of a first responder in the law enforcement agency’s digital forensics and incident response team. We are given authorisation to seize and search McClean and others involved with the crime. Specifically, I am to acquire a…
