CODEGATE 2012 – Forensics 400

Challenge description:

In Energy corporate X which is located in Seoul, APT(Advanced Persistent Threat) was occurred.
For 6 months, Attacker A has stolen critical information with an elaborate attack.
Attacker A exerted great effort to remove his all traces such as malicious file, prefetch, registry and event logs for the period of attacking, so it was hard for Energy Corporate X to find an attacking path. However IU who is Forensic expert can find the traces of the malicious files Attacker A used by analyzing MFT(Master File Table).
What time malicious file was created? The time is based on Korea Standard Time(UTC +09:00)
Answer: YYYY-MM-DDThh:mm:ss.sTZD
(TZD : +hh:mm or -hh:mm). Calculate down to seven decimal points.

{Read More}