Secret Recipe
Premium roomPerform Registry Forensics to Investigate a case.
medium
To access material, start machines and answer questions login.
Set up your virtual environment
Storyline
Jasmine owns a famous New York coffee shop Coffely which is famous city-wide for its unique taste. Only Jasmine keeps the original copy of the recipe, and she only keeps it on her work laptop. Last week, James from the IT department was consulted to fix Jasmine's laptop. But it is suspected he may have copied the secret recipes from Jasmine's machine and is keeping them on his machine. 
His machine has been confiscated and examined, but no traces could be found. The security department has pulled some important registry artifacts from his device and has tasked you to examine these artifacts and determine the presence of secret files on his machine.
Room Machine
Before moving forward, let's deploy the machine by clicking on the Start Lab Machine button on the top of the task. The machine will start in a split-screen view. In case the VM is not visible, use the blue Show Split View button at the top of the page. You may also access it via the AttackBox or RDP using the credentials below. It will take up to 3-5 minutes to start.
On the Desktop, there is a folder named Artifacts, which contains the registry Hives to examine and another folder named EZ tools, which includes all the required tools to analyze the artifacts.
Credentials
Username : Administrator
Password: thm_4n6
Note: If you are using Registry Explorer to parse the hives, expect some delay in loading as it takes time to parse the hives.
Connect with the lab.
How many files are available in the Artifacts folder on the Desktop?
Ready to learn Cyber Security?
The Secret Recipe room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in