Forensic Mission 1

Learn to recover deleted files, analyze evidence, and see beyond the immediately obvious.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]
Posting these will result in warnings/bans!

Re: Forensic Mission 1

Post by limdis on Tue Jan 28, 2014 7:40 pm

@Slaingod, I have two missions currently in development and 3 more planned (as of today). I plan to have the second ready for testing Friday. So yes, they are coming :ugeek:

gsingh2011 wrote: Is RAR cracking required? That's what I'm stuck on right now.

Required? No. Be sure you are going over everything that you uncover and don't take flags for granted.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
limdis
Moderator
Posts: 1346
Joined: Mon Jun 28, 2010 5:45 pm


Re: Forensic Mission 1

Post by slaingod on Tue Jan 28, 2014 9:25 pm

I didn't mean to push, limdis. All respect, for sure. I look forward to future missions.
-Slaingod

"If it's stupid and works, then it's not stupid."
slaingod
New User
Posts: 3
Joined: Sun Jan 26, 2014 2:37 pm
Location: United States


Re: Forensic Mission 1

Post by limdis on Tue Jan 28, 2014 9:41 pm

No worries at all! I enjoy this work. I'm glad this first one has taken off. I do know where you are coming from though as far as coming from the investigative side however. I'm first trying to introduce techniques before really pushing forward on that front. Also, I am taking note of every detail and ensuring these feel as real as possible. That's why they aren't being pumped out every couple of days. They will progressively get harder, except one I might release early because it covers a technique that deals with self security practices that are highly trusted today. But I do really appreciate the suggestions and hearing about what users want to see! I've been getting a lot of feedback since this release.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
limdis
Moderator
Posts: 1346
Joined: Mon Jun 28, 2010 5:45 pm


Re: Forensic Mission 1

Post by mooph on Sat Feb 01, 2014 1:56 pm

DFF, VIM and TestDisk

Nice one!
:shock:
mooph
New User
Posts: 15
Joined: Wed Aug 19, 2009 8:27 am
Location: CZ


Re: Forensic Mission 1

Post by cluele55 on Thu Feb 06, 2014 9:21 pm

First, let me say @limdis -- you rock. This is a great mission. I approached it tentatively, not really sure I was worthy. I am so new to forensics, I had to practically google everything.

That said, I am at a head banging moment. I have gotten surprisingly far, given my cluelessness. I managed to recover the files. In the process, I read a lot of interesting things about security and about the sleazy employee who got fired. Now, I am staring at the files that I am pretty sure I need. These particular files all look the same and I did manage to open one. That file only had a little bit of text, but that text didn't seem to help with anything. All the passwords I've tried to complete the mission have failed. I could use a hint to get over that last hurdle. What am I overlooking? I don't want any major answers, just a small hint.

(Sorry, I am being a little vague. I am trying not to give too much away. If it helps, I am running Kali Linux and I used scalpel to retrieve the data.)

P.S. Whose cat and belly button were those? :D
cluele55
New User
Posts: 30
Joined: Sat Apr 13, 2013 2:55 pm


Re: Forensic Mission 1

Post by limdis on Sat Feb 08, 2014 11:07 am

cluele55 wrote: @limdis -- you rock.

Thanks 8-)

As for scalpel, make sure that it is updated and that you are keeping an eye on what is commented out in the config file.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
limdis
Moderator
Posts: 1346
Joined: Mon Jun 28, 2010 5:45 pm
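
The hint above about commented-out entries in scalpel's config file, as an added example that is not part of the original thread: a small audit that separates commented-out carving rules from plain prose comments and lists which file types are actually enabled. The sample configuration is constructed for illustration, and the names `SAMPLE_CONF`, `parse_rule` and `audit` are assumptions of this example.

```python
import re

# Constructed sample in the style of scalpel.conf; not the mission's file.
# Fields: extension, case-sensitive (y/n), size, header, optional footer, optional keyword.
SAMPLE_CONF = r"""
# Constructed sample configuration
# ext  case  size  header  footer
#   gif  y  5000000     \x47\x49\x46\x38\x39\x61  \x00\x3b
    jpg  y  200000000   \xff\xd8\xff\xe0\x00\x10  \xff\xd9
#   pdf  y  5000000     %PDF  %EOF\x0d  REVERSE
#   zip  y  10000000    PK\x03\x04  \x3c\xac
    doc  n  10000000    \xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1
"""

# Size field: digits (a colon-separated pair of numbers is also accepted here).
SIZE = re.compile(r"^\d+(:\d+)?$")


def parse_rule(text):
    """Return a rule dict if text looks like 'ext y|n size header [footer] [keyword]'."""
    fields = text.split()
    if not 4 <= len(fields) <= 6:
        return None
    if fields[1].lower() not in ("y", "n") or not SIZE.match(fields[2]):
        return None  # prose comment or malformed line, not a carving rule
    footer = fields[4] if len(fields) > 4 else None
    return {"ext": fields[0], "size": fields[2], "header": fields[3], "footer": footer}


def audit(conf_text):
    """Return (enabled, disabled) extension lists for a scalpel-style config."""
    enabled, disabled = [], []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        commented = stripped.startswith("#")
        rule = parse_rule(stripped.lstrip("#"))
        if rule is None:
            continue
        (disabled if commented else enabled).append(rule["ext"])
    return enabled, disabled


if __name__ == "__main__":
    on, off = audit(SAMPLE_CONF)
    print("will be carved:   ", ", ".join(on))
    print("commented out:    ", ", ".join(off))
```

File types in the second list are never searched for, so a carve that "found everything" may simply not have looked for the type that matters.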


Re: Forensic Mission 1

Post by cluele55 on Sun Feb 09, 2014 11:36 pm

YyyyyyESSSSS! Woo hoo! Happy dance. I did it. Yay. It turns out, I WAS looking at the right file. But it was corrupt when I opened it (I think I was opening it wrong). So I tried Foremost, which is actually easier to use but resulted in fewer files. It did, however, reveal a file type that I overlooked. I went back to scalpel, and after taking some really good advice from a guy named Chuck, I opened the file and there it was.

So exciting. I want more. I would post a smiley face, but the smilies on this forum are kind of stupid looking.
cluele55
New User
Posts: 30
Joined: Sat Apr 13, 2013 2:55 pm


Re: Forensic Mission 1

Post by charsta on Tue Feb 18, 2014 11:05 am

Hello there! New member here!
As I just finished my master's in Forensic Computing, I thought it would be good practice for me to try some challenges (either forensic or penetration testing related)!
In my case I used a demo (and really old) version of FTK (came with the companion book of a module) to open the file.

It makes you think a little bit more about the evidence or their contents and as limdis posted:

limdis wrote: don't take flags for granted.


Thank you for this challenge. Can't wait for the next one! :p
charsta
New User
Posts: 1
Joined: Tue Feb 18, 2014 10:52 am


Re: Forensic Mission 1

Post by fashizzlepop on Sat Feb 22, 2014 2:16 pm

charsta wrote: It makes you think a little bit more about the evidence or their contents and as limdis posted:

limdis wrote: don't take flags for granted.



Glad you liked it. This is definitely the style of challenge we love at HTS. I know when I tried it the first time I got stuck. You really have to think about how a forensic investigator would approach the situation. That's what truly makes a great mission; challenging and realistic.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm


Re: Forensic Mission 1

Post by sirEgghead on Thu Mar 06, 2014 3:18 am

I like this mission so far, but I'm a bit stuck. I got to the point of going for a password for a rar file and then I hopped on here and saw that is probably the wrong route. I opened up all possibilities in the default scalpel.conf file as well as trying out a few of the other command flags. I'm winding up with the same thing.

Anyway, I don't want to say too much, but I'd like to find out if I'm running in the wrong direction here. Thanks! :D


sirEgghead
sirEgghead
New User
Posts: 1
Joined: Wed Sep 16, 2009 11:07 am

