Forensic Analysis and Artefact Retrieval

• Forensic analysis of the system image was performed using Autopsy
• The TCP messages and responses to the malware files were captured using Wireshark
• Some volume in the disk image was encrypted using Veracrypt, the same was decrypted