Blue Team Labs Online - The Key Walkthrough
Scenario: Peter, a programmer by profession, was always fascinated by Superhero movies from his childhood. He started a secret project at work without informing his Boss. Peter stored all the project files in his cloud account. His boss came to know about Peter’s secret project and asked the security team to investigate Peter’s laptop. But here comes the real headache, Peter’s secret drive is encrypted!
Tool: FTK Imager, NirLauncher, Arsenal Image Mounter, FRED
Question 1: What is the TimeZone of Peter’s Machine? [hint: Find the Registry Key]
Question 2: Superhero stories were introduced to Peter at his school. What is the name of Peter’s school?
Question 3: What is Peter’s favorite quote?
Question 4: What is Peter’s IP address and Computer Name?
Question 5: What is the name of the programming language Peter is learning?
Question 6: According to Peter’s Day plan, which task is “In progress”?
Question 7: Peter connected with this partner using TeamViewer. What is the Peter’s partner’s TeamViewer ID and Display Name?
Question 8: What is Peter’s TeamViewer ID and Display name?
Question 9: What is the Password Manager used by Peter?
Question 10: What is the VPN service used by Peter?
Question 11: What is the name of Peter’s ‘Secret Project’?
Question 12: According to Peter’s documentation, what is the theme of the project?
Question 13: What is Peter’s cloud credentials?
Question 14: Peter accessed some files from a remote machine using a file transfer service. what is the login name and IP address of the remote location?
Question 15: What is the Bitlocker Recovery Key?
Question 16: What is the Bitlocker password? [Hint: Question 2]
