This will be my write-up for the 4th Belkasoft CTF! This CTF follows a plot based progression to make it fun, so I’ll also include the plot details unlike my other write-ups :) Prompt — Have you heard the news? I have. — The CID has interrogated the father. Other than…

This includes my write-up for UMDCTF which had many interesting and new forensics challenges along with other categories! Forensics 1. Renzik’s Case We’re given an image file usb.img which after loading in FTK shows the deleted files from the unallocated space. Simple one to begin with, nothing too complex.

Disclaimer: All the answers apart from the obvious will be redacted to encourage defenders to try the challenge themselves. The Prompt: A company’s web server has been breached through their website. Our team arrived just in time to take a forensic image of the running system and its memory for further analysis. …

Disclaimer: All the answers apart from the obvious will be redacted to encourage defenders to try the challenge themselves. The Prompt: The SOC team got an alert regarding some illegal port scanning activity coming from an employee’s system. The employee was not authorized to do any port scanning or any offensive hacking activity…

Disclaimer: All the answers apart from the obvious will be redacted to encourage defenders to try the challenge themselves. The Prompt: One of the SOC analysts took a memory dump from a machine infected with a meterpreter malware. …

Disclaimer: All the answers apart from the obvious will be redacted to encourage defenders to try the challenge themselves. The Prompt: Company X has contacted you to perform forensics work on a recent incident that occurred. One of their employees had received an e-mail from a co-worker that pointed to a PDF file…

This will be my write-up for some random challenges from DeconstruCTF 2021! Forensics 1. The Missing Journalist

This is going to be my write-up for the first blue team CTF from CyberDefenders, involving investigating a Linux image. The Prompt: We’re provided with a .E01 file, which is an EnCase image format. I used FTK Imager as it was faster for me than Autopsy. …

This is going to be my write-up for some challenges from DownUnderCTF 2021. Official write-ups for all the challenges can be found here. Forensics 1. Retro! Very simple one to begin with, just extract the EXIF data for the flag