You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* This forensics challenge was worth `300` points.
* Download the memory image from [https://mega.nz/#!EYZEkBKA!kr5LRlJ8N0S_beuJs238d3Ac2xy597yYI7miV7GXl7A](https://mega.nz/#!EYZEkBKA!kr5LRlJ8N0S_beuJs238d3Ac2xy597yYI7miV7GXl7A) (hosted externally because it's large).
## Important info
An employee has been escorted from the building due to frequent breaches of the IT Security Policy and turning up to work under the influence of alcohol. As a senior analyst in the organisation, you've been tasked with investigating memory image of the employee's virtual machine to search for evidence of data exfiltration or suspicious communications.
