The Disgruntled room places you in the role of a digital forensic investigator tasked with uncovering traces left behind by an unhappy employee. The challenge involves combing through Windows artifacts to identify suspicious activities, uncover deleted or hidden files, and piece together the motive behind the insider threat. By working step-by-step, you learn how forensic evidence can reveal malicious intent even when an adversary tries to cover their tracks.
This exercise reinforces key DFIR skills, such as timeline analysis, registry inspection, and understanding user behavior through event logs and system artifacts. It highlights the importance of insider threat detection, showing how even trusted individuals within an organization can pose serious risks. By completing the room, you build confidence in applying forensic techniques to real-world workplace scenarios.
