
Re: Forensic Mission 1

Posted: Wed May 13, 2015 8:53 pm
by Luis_1984

Re: Forensic Mission 1

Posted: Thu May 14, 2015 6:07 pm
by Idletester
Hi guys. Well, I couldn't believe how simple this mission was, but saying that, it was fun even though easy.
A lot of you guys are thinking too hard. You are on about using Scalpel, OSFMount, Recuva and a shit load of other programs to try hacking what you are given when you download the Rar file.

The direction to arrive at the correct answer (the required password) has already been given on this forum, so I won't go through it again, but don't overcomplicate the mission. It's easy, honestly! I did this in a very short time. In fact, my cup of coffee was only half drunk and still warm when I finished it.

Looking forward to the next Forensic Mission. Good job HTS, nice easy entry level for the HTS members that have never done forensic stuff before. Happy Hacking!

Re: Forensic Mission 1

Posted: Fri Jun 19, 2015 6:10 pm
by CryptoMind
At first sight, the mission looks like a complex one, but I realized it is not really that complicated. I used several tools on Kali, and they all gave different results. Anyway, it is not hard to understand which file you need. For those who faced the "Red Herring", do not get stuck on one file, and about the archive: no need to unlock it. Think simple, and listen to Esqulax:
Esqulax wrote: ..., just be REALLY nosy.


I will be waiting for next missions...

Re: Forensic Mission 1

Posted: Wed Jul 01, 2015 4:11 pm
by NightArcher
Just completed this and it was really fun, thanks Limdis.

Re: Forensic Mission 1

Posted: Wed Aug 12, 2015 9:13 am
by boriz666
Awesome mission limdis,
I love the details in the file hierarchy / files.

I used the sleuthkit tools as I love no-fuss command line tools that you can also use in scripting. Used it to make a nice hierarchy of files and serve them on an HTTP server in simple HTML.

The tools used in the toolkit, and in general:

  • fls
  • icat
  • perl

Re: Forensic Mission 1

Posted: Sun Sep 20, 2015 10:13 pm
by luckily
I spent hours with this mission and finally noticed the file I originally downloaded was corrupted (tar.gz.part), and I kept trying to analyze it thinking it was part of the mission, lol.

Re: Forensic Mission 1

Posted: Fri Feb 05, 2016 6:21 am
by tethys
Yahoo! I managed too! :lol:

Yes, the answer was to use the right tool that made the challenge very easy. The tool's name is mentioned above in the thread by the moderator. ;)

Re: Forensic Mission 1

Posted: Sun Feb 07, 2016 1:41 pm
by Faithe25
This mission was a lot of fun. I am getting ready to take a course in Digital Forensics, and this was a really cool intro. Hopefully, there will be a few more missions like this in the future!

Re: Forensic Mission 1

Posted: Sat Mar 19, 2016 8:27 pm
by Pure_Cadence
slaingod wrote:I had a good bit of fun working this one. I had been testing the new Kali Linux distro release and actually had a harder time trying to do this using DFF and Scalpel. I found using free Windows apps worked much faster. I used OSFMount and Recuva. I think as "limdis" stated, I had some issues with DFF being able to recover or display some of the files. But I don't have much experience with DFF. So don't take that to heart, I may just need to RTFM.

It was fun, but it seemed like a data recovery mission. Not really a forensics mission. We were not looking for who tried to erase her drive. We only were recovering data for the end user.

I believe the techniques are very similar, definitely. So this is a very good mission for practicing forensics techniques. I would like to see missions that are related to the investigation of a wide variety of "computer crimes".

I think this might be fun to try to design missions for this.

-Slaingod


Thanks for the OSFMount and Recuva references. I'd like to see more of these forensic challenges.

Re: Forensic Mission 1

Posted: Tue Jul 12, 2016 10:13 am
by limdis
We recently discovered and fixed an issue with Chrome altering the mission file. We have verified that there was not a security risk involved to the users. By default, Chrome does not handle tar.gz files properly and attempts to decompress them automatically. This is what caused the difference in MD5 checksums. If you downloaded the mission file recently with Chrome or Chromium the checksum should have been 8c0f08637940c581dc055f59b502b747. I still suggest you redownload the file before attempting the mission now that this has been resolved. Good luck.
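
The two download problems reported in this thread (a browser silently decompressing the tar.gz, and an incomplete tar.gz.part file) can be told apart from an intact archive before any analysis starts. The following is an added example, not part of the original thread or the mission: the function names and the in-memory sample archive are constructed for illustration, and the expected MD5 is assumed to be whatever value the mission page publishes.

```python
import gzip, hashlib, io, tarfile, zlib

GZIP_MAGIC = b"\x1f\x8b"      # first two bytes of every gzip stream
USTAR_OFFSET = 257            # "ustar" magic inside the first tar header block

def classify_download(data: bytes) -> str:
    """Return 'gzip', 'tar' (already decompressed) or 'unknown'."""
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if data[USTAR_OFFSET:USTAR_OFFSET + 5] == b"ustar":
        return "tar"
    return "unknown"

def check_download(data: bytes, expected_md5: str) -> dict:
    """Hash the file as downloaded and test whether the gzip layer is complete."""
    md5 = hashlib.md5(data).hexdigest()   # MD5 only because the thread compares MD5 sums
    report = {"kind": classify_download(data), "md5": md5,
              "md5_ok": md5 == expected_md5.lower(), "intact": False}
    if report["kind"] == "gzip":
        try:
            # Raises on a truncated stream (.part file) or a CRC mismatch.
            inner = gzip.decompress(data)
            report["intact"] = classify_download(inner) == "tar"
        except (OSError, EOFError, zlib.error):
            pass
    return report

def constructed_sample():
    """Build a tiny tar and its .tar.gz in memory (constructed, not the mission file)."""
    payload = b"constructed sample, not the mission image\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("sample/readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    raw_tar = buf.getvalue()
    return raw_tar, gzip.compress(raw_tar)

if __name__ == "__main__":
    raw_tar, tar_gz = constructed_sample()
    published = hashlib.md5(tar_gz).hexdigest()   # stands in for the published checksum
    for label, blob in [("intact .tar.gz", tar_gz),
                        ("browser-decompressed", raw_tar),
                        ("truncated .part", tar_gz[:len(tar_gz) // 2])]:
        print(label, check_download(blob, published))
```

A result of kind "tar" with a failed checksum means the gzip layer was stripped in transit, while kind "gzip" with "intact" false means the download was cut short.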