Scenario 1:
You frequently go to a coffee shop to access the free WiFi on your laptop. A recent news article claims that several patrons of that very same coffee shop have been victims of identity theft. They claim that their information may have been compromised because they connected to an unprotected wireless network with a name very similar to the legitimate one. The name of that fake network is “TrustThisWifi”. You want to check if you have ever connected to this network.
You frequently go to a coffee shop to access the free WiFi on your laptop. A recent news article claims that several patrons of that very same coffee shop have been victims of identity theft. They claim that their information may have been compromised because they connected to an unprotected wireless network with a name very similar to the legitimate one. The name of that fake network is “TrustThisWifi”. You want to check if you have ever connected to this network.
Question: Determine the date and time (in UTC/GMT) that this computer was turned on?
Scenario 2:
You are a teacher at a High School and you regularly leave your computer on your desk throughout the day, even when you are not present in the room. A group of students were over-heard talking about their upcoming Senior Prank, they mentioned that they had been using a CD-ROM to install a key logger on teacher’s computers to gain their password. The name on the CD was “Mac OS X Install DVD”, was this disk ever inserted into your computer?
Question: Display domain and nameserver information currently present on this system.
Question: Produce an exact copy of the current Host Database.
Question: How many times did the user “IR” login to this system on April 21? Identify if there were any abnormalities during any login session.
Scenario 3:
An employee is suspected of attempting to remove intellectual property from company X. We know it was contained in an image named “test.dmg”. We want to see if it occurred during the time corresponding to his access card logs. Can you verify the date and time at which this image was created?
Question: What was the date and time of the last attempted update of this system?
Scenario 4:
You were doing work on your laptop while staying at an Airport hotel. A notification regarding Bluetooth popped up and you assumed it was just your new Bluetooth Headphones. The next morning you realize you attempt to connect your Bluetooth headphones and realize that the name was different than the notification you got last night and you want to check what Bluetooth devices have been connected to your MacBook.
Question: What was date and time of the last finished shutdown of this computer?
Scenario 5:
You have accidentally downloaded a file or program that you believe may be malicious. Your computer is now acting abnormal but you cannot find any trace of the file or program that was accidentally downloaded.
Question: Does this user have an internet browser in their dock? If so which one?
Scenario 6:
Your laptop was sitting on a public table while you got up to answer a phone call. As you returned to the table you see the person who was sitting near operating your computer and quickly going back to their seat. You have several documents with personal information on your Desktop and you want to make sure that none of these files were recently accessed.
Question: What is the USBMC identifier of the removable device “My Passport”? What was the date and time in which it was first connected to this computer?
Scenario 7:
You would like to see the list of websites that were open the last time you exited Safari. List the last three accessed websites.