Lab ScenarioA company has discovered that an employee has been using unauthori

1. Lab Scenario
2. A company has discovered that an employee has been using unauthorized software, and potentially has been leaking intellectual property, and intentionally compromising the system. The employee's virtual machine has been halted and a snapshot has been taken.
3. The company is needs to know what software has been installed and used, if and how the system was potentially compromised, and whether or not intellectual property has been leaked.
4. Drive Lab
5. Using any tools you would like, write up a forensics report based on your access to the disk files themselves. Make sure to provide MD5 hashes for significant artifacts discovered, along with tools used and analysis methodologies used.
6. A few things to remember during this lab:
7. • Prioritize your time while investigating a possible artifact. In order to simulate a real incident, there will be some irrelevant artifacts.
8. • Be detailed with your notes and report. You may need to rely on artifacts found within this lab to make sense of some of the items in the next few labs.
9. • The company is aware an encrypted volume exists, but they are unsure where or how. They were able to tell us that the employee uses the same password for basic authentication for multiple accounts/services.