Challenge 11, Part 1: What is the IPv4 address that myaccount.google.com resolves to?
I was able to find this pretty quick going back to last week’s artifacts. In week 10, I used bulk_extractor to carve a PCAP out of the memory image.
Opening the same PCAP file I applied a String filter for ‘myaccount’.
In the highlighted row we can see a DNS resolution for myaccount.google.com coming back as 220.127.116.11. [Flag 1]
Challenge 11, Part 2: What is the canonical name (cname) associated with Part 1?
Scrolling further to the right on the same entry, we see that the CNAME for myacccount.google.com was www3.l.google.com. [Flag 2]