tl;dr

• Finding Picture-In-Picture application capability.
• Most recently viewed web activity in Picture-In-Picture application on the device.

tl;dr

• Finding the last modified timestamp of the file that maps names to IP’s accessed.

tl;dr

• Extract keylogger script from the memory dump.
• Extract the master key from the packet capture.
• Reverse the script to get the flag.

tl;dr

• Extract Invalid Login timestamp from the windows registry.
• Extract the timestamp of when a JPEG was opened.
• Extract Google Chrome’s last run time which was pinned to taskbar from windows registry.

tl;dr

• Extract process last run time from the windows registry.
• Extract process run count from the windows registry.

tl;dr

• Decrypt the encrypted GPG file found in Outlook Express with the private key stored on the device.
• Decrypt the firefox saved passwords and log in to the website that the terrorist used.

tl;dr

• Digging into windows registry to find process run counts.
• Extracting and parsing AmCache to find the hash of process images

tl;dr

• Disk Dump extraction.
• USB leftover Capture data extraction.
• Zip file cracking.

tl;dr

• Memory dump analysis using Volatility.
• Extracting Keepass Master Password from the memory.
• Extracting flag from ZIP archive attached in the Keepass database.

tl;dr

• RAID recovery
• JPEG image extraction from lost disk