Scenario 1: Suspicious Death
Donald Norby was found dead in his home with a single bullet to the head. It is unclear whether this is a suicide or homicide. The largest question revolves around the victim's potential connections to an organized criminal group called KRYPTIX. You have been asked to perform a forensic examination of Norbyâ€™s Android device found at the scene in order to determine his activities and, possibly, who he communicated with prior to his death. Your ultimate goal is to determine whether he killed himself or was murdered and provide any further leads to the investigator.
The device was acquired using what the agent considered to be industry best practices. The device flash storage as well as removable media was collected. See the case specific logs for more information.
I always do these challenges, most of the times just to stay focused. I rarely submit results though. Anyhow, for those looking for challenges or to just get sample data to work with, there are two scenarios there.
*fires up FTK + EnCase* (yes I use both simultaneously to replicate results.