I am starting my final year of University in September and have already made a plan for my dissertation.
I am planning to hack into a virtual machine (Windows 10) via an open SSH port. From there I am going to change file extensions and delete files and folders. Then I am going to do an investigation using Autopsy.
From a forensics standpoint, what is the best suggested starting point to see if a machine has been hacked? Obviously I know what has been hacked, but an investigator isn’t going to know that.
Any suggestions would be great, thanks.
FYI, I know how to obtain the evidence in a forensically sound way; I just want to know where to start.