Compromised Windows Server 2022 (simulation)

Simulated network intrusion as part of research to develop artificial intelligence / machine learning for post-breach triage. All information contained within the image (including but not limited to usernames and IP addresses) is synthetic. Simulated UK-based small office network running from Sept 2023 to Feb 2024. The administrator opened RDP to facilitate working from home. As part of the scenario, on 12th Feb 2024 discovered the server was no longer responding with 'Red Petya' ransomware displayed on the screen. Forensic experts were engaged, the disk decrypted and a forensic image taken in EnCase E01 format (also known as Expert Witness Format). Many thanks to my PhD supervisors, Prof Adrian Hopgood, Dr Patrick Wong and Dr Ian Kennedy. Thanks also to CMU Ghosts, VirtualBox, generatedata.com, Kali Linux, GreyNoise.io and many more. For further information, see the README.TXT file. To request ground truth for research purposes, please contact Benjamin Donnachie using benjamin.donnachie@open.ac.uk