You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker's identity.
Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably, an insider.
Investigate the incident, find the insider, and uncover the attack actions.
File -> Github.txt: What is the API key the insider added to his GitHub repositories?
File -> Github.txt: What is the plaintext password the insider added to his GitHub repositories?
File -> Github.txt: What cryptocurrency mining tool did the insider use?
What university did the insider go to?
What gaming website the insider had an account on?
What is the link to the insider Instagram profile?
Where did the insider go on the holiday? (Country only)
Where is the insider's family live? (City only)
File -> office.jpg: You have been provided with a picture of the building in which the company has an office. Which city is the company located in?
File -> Webcam.png: With the intel, you have provided, our ground surveillance unit is now overlooking the person of interest's suspected address. They saw them leaving their apartment and followed them to the airport. Their plane took off and has landed in another country. Our intelligence team spotted the target with this IP camera. Which state is this camera in?