NIST Forensic Challenge Image

By: Frank
NIST Forensic Challenge Image

This is a forensics challenge from NIST. It can be found here...

This was completed primarily with the following open source tools: FTK Imager, Autopsy, and the EZ Tools suite.

The first thing I like to do when acquiring an image is to figure out what operating system version I am using. To do this...

1. What is the destination time zone offset in UTC for the following email received by Jimmy Wilson "447018D5-00000006.eml"
  1. +04:00
  2. -07:00
  3. -08:00
  4. -05:00
  5. -09:00
For this we can simply search for that specific email in Autopsy. We can then inspect the email headers and look for the timezone offset. In the below screenshot you can see it on line 15.
Answer: c


Back