The National Institute of Standards and Technology (NIST) provides DFIR challenges to help people learn about various types of cases and the techniques that can be used to solve them. This challenge presents a data leakage case in which we are required to find evidence of the offense and any data that the suspect might have generated. Below is the solution to the challenge, solved using the full version of ArtiFast.
The answer can be found in the System Information artifact.
Answer: Eastern Time (US & Canada)(UTC-05:00)
The answer can be found in the Timezone artifact.
Answer: INFORMANT-PC
The answer can be found in the Computer Name artifact.
Answer: informant, admin11, ITechTeam, and Temporary.
The answer can be found in the User Accounts artifact.
Answer: informant.
Answer: 2015-03-25 11:31:05 (Eastern Time + DST).
The answer can be found in the Last Shutdown artifact.
The list of executed files is huge, but we can take screenshots of the Prefetch and UserAssist artifacts.
We can check the Chrome history.
Here I have used the Chrome Search Terms artifact to list the keywords.
The answer can be found in the Search Strings artifact.
Answer: C:\Users\informant\AppData\Local\Microsoft\Outlook\iaman.informant@nist.gov.ost
The answer can be found in the Outlook/OST artifact.
The answer can be found in the USB artifact.
Artifact: Mapped Network Drive MRU.
Answer: Shellbags.
Artifact: Google Drive Sync.
Artifact: Thumbcache.
Artifact: Sticky Notes.
Artifact: Recycle Bin.