Build a "Super Timeline" (using tools like Plaso/log2timeline) to identify when specific files were created, modified, or accessed.
Unix/Linux (various distributions depending on the specific challenge version)
A bit-for-bit copy of a Unix/Linux partition.
Bash history files (.bash_history), SSH keys, and configuration files that reveal user activity.
The townunix.7z file is a compressed archive (7-Zip format) often used in forensic examinations to preserve the integrity of a "town-themed" Unix environment. It is designed to test a researcher's ability to perform timeline analysis, log carving, and artifact recovery.
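
As an added example (not part of the original page or the challenge materials), the following Python parser turns a `.bash_history` file into timeline rows that can sit alongside a super timeline. It assumes the history was written with `HISTTIMEFORMAT` set, in which case bash stores a `#<epoch>` line before each command; the sample history and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Marker line bash writes before a command when HISTTIMEFORMAT is set.
TS_LINE = re.compile(r"^#(\d{9,10})$")

# Constructed sample input, not taken from townunix.7z.
SAMPLE_HISTORY = """\
ls -la /home
#1700000000
cd /var/log
#1700000100
# note typed at the prompt
#1700000200
cat auth.log
#1699999000
ssh-keygen -t ed25519
"""

def parse_history(text):
    """Return (epoch or None, command) tuples in file order."""
    events, current_ts = [], None
    for line in text.splitlines():
        m = TS_LINE.match(line)
        if m:
            current_ts = int(m.group(1))
        elif line.strip():
            # Lines seen before any marker have no recoverable time.
            events.append((current_ts, line))
    return events

def timeline(events):
    """Timestamped events sorted by time, as (ISO-8601 UTC, command)."""
    dated = sorted((e for e in events if e[0] is not None), key=lambda e: e[0])
    return [(datetime.fromtimestamp(ts, timezone.utc).isoformat(), cmd)
            for ts, cmd in dated]

def out_of_order(events):
    """Commands stamped earlier than the entry before them in the file
    (seen with merged sessions or an edited history file)."""
    flagged, prev = [], None
    for ts, cmd in events:
        if ts is not None:
            if prev is not None and ts < prev:
                flagged.append(cmd)
            prev = ts
    return flagged

if __name__ == "__main__":
    for when, cmd in timeline(parse_history(SAMPLE_HISTORY)):
        print(when, cmd)
```

Entries without a timestamp are kept by `parse_history` but left out of `timeline`, so they can still be reviewed in file order.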