I have created a virtual machine that you can use to test your forensics analysis skills. Please, download the VM, solve an assignment below and share solutions with us.
Your are a member of the elite CSIRT team which is responsible for dealing with computer security incidents in your jurisdiction. You are asked to investigate a server that was previously administered by disgruntled administrator Mr. Abdullah Khan who was fired up. The login credentials for the server were changed after Khan's sacking from the company but it is believed that he might insert malicious software into server before changing of credentials. Your task is to ensure that a sever does not contain any malicious software and user data stored on the server are not compromised. You also need to prove your professional forensic skills and analyze a suspicious file in case you will find it on the server. Based on your investigation you should find out how malware work and create detailed report for your boss.
The server is running Ubuntu 16.04.1 and it is primary used as a file server with configured SSH access. Unfortunately the backup of user files is damaged and cannot be used in case of data are lost during your investigation. The login/password is ubuntu/ubuntu and root/root.
- Any use of the software located inside the provided virtual machine is at your own risk and it is intended for learning purpose only.
- Use of software for malicious purpose is strictly prohibited.
- You further acknowledge and agree that I am not responsible or liable, directly nor indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of any software located inside the provided virtual machine.