NIST Russian Tea Room CFREDS Image Challenge Walkthrough

Text and video versions of the walkthrough are available. I recommend following along in the video using the text version of the walkthrough.

The image and scenario are here: https://www.cfreds.nist.gov/utf-16-russ.html

Parts 1 and 2 of the video are the actual challenge set forth by NIST. 

Parts 3 and 4 of the video demonstrate the FAT file system and how to manually find and understand the files in this image.

Text walkthrough: https://drive.google.com/file/d/1t7MEFmzJO1Jn2yJRhETCWd1zxSZyiAUn/view?usp=sharing

Video Playlist: https://youtube.com/playlist?list=PLkFMwi6oLTFyIpHyglK05MtgWwSTLRtqr

Color coded answer key: https://drive.google.com/file/d/1Kaipdya-mV91V5uDzCJfDaR2bVmeioXp/view?usp=sharing 

This scenario is more focused on understanding hexadecimal and text encoding than on actual forensics. The next walkthrough will focus much more on forensic artifacts and techniques.

Please let me know if you have any suggestions/criticisms. I apologize for the variable sound quality.