Uncompress the challenge (pass: cyberdefenders.org)
Spotlight is a MAC OS image forensics challenge where you can evaluate your DFIR skills against an OS you usually encounter in today's case investigations.
What version of macOS is running on this image?
What "competitive advantage" did Hansel lie about in the file AnotherExample.jpg? (two words)
How many bookmarks are registered in safari?
What's the content of the note titled "Passwords"?
Provide the MAC address of the ethernet adapter for this machine.
Name the data URL of the quarantined item.
What app did the user "sneaky" try to install via a .dmg file? (one word)
What was the file 'Examplesteg.jpg' renamed to?
How much time was spent on mail.zoho.com on 4/20/2020?
What's hansel.apricot's password hint? (two words)
The main file that stores Hansel's iMessages had a few permissions changes. How many times did the permissions change?
What's the UID of the user who is responsible for connecting mobile devices?
Find the flag in the GoodExample.jpg image. It's hidden with better tools.
What was exactly typed in the Spotlight search bar on 4/20/2020 02:09:48
What is hansel.apricot's Open Directory user UUID?