The setup for this forensic investigation was I was given an .E01 Disk image file and was told this system was likely involved in a breach. My objectives were to learn how the attacker entered the system, whether they moved laterally to any other systems, and whether their is any evidence that the owner of the system was in on it. The following is the report I wrote after investigation.