This post is a write-up or clues on how to resolve the KC7 investigation case of A Scandal in Valdoria - Section 2: Welcome to Valdoria! . You can use it as a helpful guide when you encounter an obstacle, as it structured as a fill-in-the-blanks solution.
Section 2: Welcome to Valdoria!
Question 1: What is the Newspaper Printer’s name?
Clark Kent
Question 2: What is the Editorial Intern’s name?
Employees
| where <field> == "Editorial Intern"
Question 3: When was the Editorial Intern hired at The Valdorian Times?
Answer from question 2.
Employees
| where <field> == "Editorial Intern"
Question 4: How many total emails has Clark Kent received?
- Find Kent’s email address
Employees
| where <field> <operator> "Clark Kent"
- Get the count of emails.
Email
| where <field> <operator> "<Clark Kent Email address>"
| <operator>
Question 5: What was the subject line of this email?
Question 6: Enter the sender’s email address.
This query will provide the required data to continue the investigation by answering questions 5 and 6.
Use the query from question 4 without the last operator count
🫣. The question provided us with the date when the email was sent to Clark Kent on January 31, 2024.
Email
| where <field> <operator> "<Clark Kent Email address>"
| where timestamp between (datetime('2024-01-31T00:00:00Z') ..datetime('2024-01-31T23:59:59') )
Question 7: What was the name of the .docx file that was sent in this email?
Use the same query above to answer this question. It is asking for the file name not the full link.
Question 8: Do you think this needs further investigation (yes/no)? Choose wisely 😉
Yes
Community Help
Join Discord to discuss the module KC7 Discord #valdoria .