BTLO Replay: STICKY SITUATION | Digital Forensics Lab Walkthrough

Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos posted every Friday at 6pm BST.

This week’s lab is STICKY SITUATION, a digital forensics investigation that utilizes Autopsy® to gather information about a USB drive that was used to steal sensitive information from the President’s laptop.

Difficulty: Medium

The STICKY SITUATION scenario:

A highly confidential document has been stolen from the President’s laptop and has been sold on the Dark Web. The Secret Service thinks someone with physical access to the laptop was able to retrieve the important document, and they suspect the likely method was ATT&CK ID T1052.001. Can you help the Secret Service to figure out how this happened?

0:00 – Scenario and introduction
2:01 – Investigation files
3:20 – Tools
4:59 – Question 1
5:19 – Question 2
5:39 – Question 3
8:28 – Question 4
10:03 – Question 5
10:16 – Question 6
12:38 – Question 7
13:27 – Question 8
14:18 – Question 9
14:23 – Question 10
14:29 – Question 8 cont.
15:11 – Summary
--

Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios.

The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly.

WEBSITE: https://blueteamlabs.online
