Digital forensic

In the Skill Digital Forensics section on Windows Local User Accounts, Guided Exercise question 3 asks:

“The date and time for the earliest record in the Security.evtx file is ____________. Use the format DD-MMM-YYYY HH:MM:SS (for example, 22-FEB-2022 10:27:18).”

I think the given answer is incorrect. I have brute-forced all possible dates and times from the Security.evtx file, but none of them seem to be correct. Help meeeee! :<<<

Hey there - could you tell me what you’re entering as the earliest timestamp and provide a screenshot of the Event Viewer logs you’re seeing? I just double-checked the lab and this question seemed to be working fine.


Here is my event log screenshot. I have sorted the timestamps, and the red box highlights the result I entered, but the output is incorrect. :sob:

You’re absolutely right - I think the issue is that the lab guide was missing a specific step for sorting by the Date/Time header. In its unsorted state, the top-most and bottom-most log records gave the appearance that it was already sorted most recent to earliest, and the log at the very bottom was the one set as the answer, but that wasn’t actually the case.

I’ve added a new step and corrected the answer. Thanks for flagging.


Glad someone posted with regard to this issue as I am still struggling with it. I see there is a specific step in the lab, "9. 1. In the Event Viewer, click the Date and Time column header to sort the log records.", that I am assuming was the added step, but it does not matter which entry I submit, the timestamp for the entry identified in DilysHuynh247's screenshot or the entry at the bottom, no answer seems to be right.

What are you submitting as the answer? Please use the same format you’re using in the lab when it rejects the answer.

Worth noting that the answer in red above is the correct answer. If you’re submitting that, but it’s getting rejected, it may be an issue with your formatting.

Was 100% a formatting issue. I was copying the times exactly as displayed vs the requested format. Sometimes you get too focused on fixing the problem to see the problem. Thank you for the quick response and nudge in the right direction.


Excellent, glad to hear it!

Fwiw - I realize it’s a little non-intuitive to submit the answer in a different format than what’s shown on-screen, but I believe the instructor’s rationale is to encourage uniform formatting across different tools.

Makes sense to me. Thanks again.

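The two pitfalls from this thread (an unsorted view whose bottom row is not the earliest record, and an on-screen timestamp that differs from the requested DD-MMM-YYYY HH:MM:SS format) can be checked in code. The following is an added example, not part of the thread or the lab; it assumes an Event Viewer CSV export with a "Date and Time" column in en-US display format, and the sample rows and function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample (not the lab's data): rows are deliberately out of order,
# with the oldest record in the middle rather than at the bottom.
SAMPLE_EXPORT = """\
Level,Date and Time,Source,Event ID,Task Category
Information,2/22/2022 10:31:02 AM,Microsoft-Windows-Security-Auditing,4624,Logon
Information,2/21/2022 11:58:40 PM,Microsoft-Windows-Security-Auditing,4720,User Account Management
Information,2/22/2022 12:05:09 AM,Microsoft-Windows-Security-Auditing,4732,Security Group Management
Information,2/22/2022 10:27:18 AM,Microsoft-Windows-Security-Auditing,4634,Logoff
"""

# Assumption: timestamps appear as M/D/YYYY h:mm:ss AM/PM (en-US display format).
DISPLAY_FORMAT = "%m/%d/%Y %I:%M:%S %p"
# Fixed month table so the output does not depend on the system locale.
MONTHS = ["JAN", "FEB", "MAR", "APR", "MAY", "JUN",
          "JUL", "AUG", "SEP", "OCT", "NOV", "DEC"]


def parse_records(text):
    """Return (datetime, event_id) tuples in the order they appear in the export."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        stamp = datetime.strptime(row["Date and Time"].strip(), DISPLAY_FORMAT)
        records.append((stamp, row["Event ID"]))
    return records


def lab_format(stamp):
    """Render a datetime as DD-MMM-YYYY HH:MM:SS (24-hour clock, upper-case month)."""
    return f"{stamp.day:02d}-{MONTHS[stamp.month - 1]}-{stamp.year:04d} {stamp:%H:%M:%S}"


def earliest_record(text):
    """Find the earliest record by parsed time, not by its position in the view."""
    records = parse_records(text)
    if not records:
        raise ValueError("export contains no records")
    stamp, event_id = min(records)
    return lab_format(stamp), event_id


if __name__ == "__main__":
    print("bottom row :", lab_format(parse_records(SAMPLE_EXPORT)[-1][0]))
    print("earliest   :", earliest_record(SAMPLE_EXPORT))
```
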