Free
Challenge: Back to the Cereal
This challenge has you analyze a $MFT Windows artifact to identify unauthorized activity. The goal is to see, from a blue teamer's point of view, the actions an unauthorized user may take on a victim's system when they want to hide their activity.
Time: 1 H 0 M
Difficulty: beginner
CEU/CPE: 1
Course Content
The Importance of Timestomp Activity
Investigate
Course Description
Blue Team POV: System Analysis
> In this challenge, you will analyze a compromised system's $MFT file related to attacks targeting NTFS timestamps. This challenge aims to showcase the importance of the $MFT file in a forensics investigation and the importance of timestamps in distinguishing abnormal from normal activity.