THM Room: KAPE
Acceptable Use Policy violation
Organization X has an Acceptable Use Policy for their Portable Devices, including Laptops. This policy forbids users from connecting removable or Network drives, installing software from unknown locations, and connecting to unknown networks. It looks like one of the users has violated this policy. Can you help Organization X find out if the user violated the Acceptable Use Policy on their device?
Run KAPE with your desired Target and Module options.
Hint: You can use EZviewer, placed in the EZtools folder on the Desktop, to open CSV files.
Answer the questions below
Two USB Mass Storage devices were attached to this Virtual Machine. One had a Serial Number 0123456789ABCDE. What is the Serial Number of the other USB Device?
7zip, Google Chrome and Mozilla Firefox were installed from a Network drive location on the Virtual Machine. What was the drive letter and path of the directory from which this software was installed?
What is the execution date and time of CHROME-SETUP.EXE in MM/DD/YYYY HH:MM?
What search query was run on the system?
When was the network named Network 3 first connected to?
KAPE was copied from a removable drive. Can you find out the drive letter of the drive from which KAPE was copied?