Skip to main content



Cynet Incident Response Challenge 2020 WriteUp

I came to know about and started on the Cynet IR Challenge, quite late and was focused more on doing a writeup for it. However, Cynet released their writeup yesterday. I decided to continue with my writeup anyways and compare it against Cynet’s solution and see where I went wrong. I thought it was a good idea to write my analysis and highlight some of the issues with the Cynet IR Challenge questions. I also hope to learn more from my esteemed colleagues in the DFIR industry and open to discussion on the approaches and investigation direction I took for the challenges.EASY ONESChallenge #1Time MachineStoryGOT Ltd CTO claimed that he found out a suspicious activity on his laptop.He stated that some of his files suddenly moved from one location to another, when other files seem to be modified on illogical dates. He asked us to check if we can find anomaly indicators which is relevant to his desktop files.We found out that he was right and there is …

Latest Posts