Mini Digital Forensic Diaries story: got sent to a university in London to investigate a case where a student, who bragged of hacker prowess openly, was suspected of introducing malware to a machine and stealing a lecturers password.
“We don’t know how, but we know they logged into the account, and sent emails - and this is the only machine the lecturer uses,” came the brief.
Imaged the machine suspected of being targeted.
While giving the lecturer their laptop back post imaging I observed, via projector, the lecturer entering in their password to the username field on the login screen.
“Whoops, I’m always doing that - at least this time it wasn’t in front of the students,” they said.
Sure enough, there was no evidence of anything untoward on the laptop, but I had a good theory as to what may have occurred.
Check out more, less mini, stories like this at https://infosecdiaries.com.