Unlike the Fighting Irish, I don’t have a perfect record this year – but I’m still loving the game. I never did get to finish the week 6 challenge, but with week 7, I’m back in it. Challenge 7 (Nov 16-23) Part 1, Domains and Such. What is the IP address of the HDFS primary … Continue reading “Magnet Weekly CTF: Question 7 Solution Walk-Through”
So for week 5 we started Ali Hadi’s Linux image (farewell for now, Android). I’ve worked WITH Linux for years as my underlying operating system for forensics, but as the forensics target, not so much. As the Magnet Training team is fond of saying, “You don’t know what you don’t know.” That was certainly the … Continue reading “Magnet Weekly CTF: Question 5 Solution Walk-Through”
Challenge 4 (10/26-11/2) Animals That Never Forget: Chester likes to be organized with his busy schedule. Global Unique Identifiers change often, just like his schedule but sometimes Chester enjoys phishing. What was the original GUID for his phishing expedition? Week 4 was definitely a brain-teaser for me. On my first attempt I was focused on … Continue reading “Magnet CTF: Question 4 Solution Walk-Through”
Challenge 3… Which exit did the device user pass by that could have been taken for Cargo? In NJ it’s common to inquire where someone resides with the question “What exit?” I found it interesting that some of the test data examined as part of the CTF included artifacts that originated in New Jersey. Yup. I … Continue reading “Magnet CTF: Question 3 Solution Walk-Through”
Challenge 2 (OCT 12-18) PIP Install: What domain was most recently viewed via an app that has picture-in-picture capability? For the week 2 challenge, we’re using the same Android image we examined last week. From the question there are two factors involved, application capability and application usage. The first thing to understand is what applications on the device have PIP … Continue reading “Magnet CTF: Question 2 Solution Walk-Through”
1: What time was the file that maps names to IP’s recently accessed? Mobile Forensics is not my strongest area, and Android even less than iOS. Based on my limited experience the first thing I started with was Google (“GTS”). Based on the question I supposed that the artifact would be DNS related. Where on the device would that … Continue reading “Magnet CTF: Question 1 Solution Walk-Through”
A link to my GitHub for DFIR related PowerShell scripts.
Welcome to Baker Street Forensics where Irregulars are all part of the game. My homage to the legendary, fictional hero and a repository for tidbits of acquired knowledge in DFIR and Digital Forensics.