Insider - Image Forensics

1. What distribution of Linux is being used on this machine?

   # /root/boot/grub/
   kali

2. What is the MD5 hash of the apache access.log?

   # /var/log/apache2/accesslog
   d41d8cd98f00b204e9800998ecf8427e

3. It is believed that a credential dumping tool was downloaded? What is the file name of the download?

   # /root/Downloads/mimikatz_trunk.zip
   mimikatz_trunk.zip

4. There was a super-secret file created. What is the absolute path?

   # /root/Desktop/bash_history
   /root/Desktop/SuperSecretFile.txt

5. What program used didyouthinkwedmakeiteasy.jpg during execution?

   # /root/Desktop/bash_history
   binwalk

6. What is the third goal from the checklist Karen created?

   # /root/Desktop/Checklist
   profit

7. How many times was apache run?

   # access.log file have nothing
   0

8. It is believed this machine was used to attack another. What file proves this?

   # /root/irZLAohL.jpeg
   irZLAohL.jpeg

9. Within the Documents file path, it is believed that Karen was taunting a fellow computer expert through a bash script. Who was Karen taunting?

   young

10. A user su'd to root at 11:26 multiple times. Who was it?

    # /var/log/auth.log
    postgres

11. Based on the bash history, what is the current working directory?

    # /root/Documents/myfirsthack/