Disk forensics techniques are used to acquire a disk image and process it to find artifacts of interest, including deleted ones.
In this lab, a disk image file “evidence.img” is provided in the home directory of the root user (/root/). One of the JPEG files present on the disk contains the flag.
Objective: Extract files from the given image using the Foremost tool and retrieve the flag!
- The viu tool can be used to view image files on the command-line interface (CLI).
First, let’s check the command reference for the foremost tool, which is linked above.
foremost -v -i evidence.img -o output
As we can see, one JPG file was extracted. Let’s open that file with the viu tool.
And the flag is:
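For context on the foremost run above: foremost recovers files from a raw image by matching file headers and footers rather than by reading the filesystem. The following is an added sketch of that idea for JPEG data, not foremost's own code and not part of the original lab; `carve_jpegs`, `build_sample_image`, `MAX_LEN` and the sample bytes are constructed for illustration.

```python
# Added illustration: simplified header/footer carving for JPEG data.
# Not foremost's code; function names and the size cap are assumptions.
import hashlib

SOI = b"\xff\xd8\xff"        # JPEG start-of-image marker plus lead byte of the next marker
EOI = b"\xff\xd9"            # JPEG end-of-image marker
MAX_LEN = 20 * 1024 * 1024   # assumed cap so a missing footer cannot swallow the rest of the image

def carve_jpegs(image: bytes, max_len: int = MAX_LEN):
    """Return a list of (offset, data) for each header..footer span found."""
    found = []
    pos = 0
    while True:
        start = image.find(SOI, pos)
        if start == -1:
            break
        # Look for the footer only inside the size window after this header.
        end = image.find(EOI, start + len(SOI), start + max_len)
        if end == -1:
            # Header with no footer in range (truncated or overwritten file): skip it.
            pos = start + 1
            continue
        end += len(EOI)
        found.append((start, image[start:end]))
        pos = end
    return found

def build_sample_image():
    """Constructed sample: two fake JPEG bodies inside zero filler, plus one truncated header."""
    jpg1 = SOI + b"\xe0" + b"JFIF-first-file" + EOI
    jpg2 = SOI + b"\xe1" + b"Exif-second-file" + EOI
    filler = b"\x00" * 512
    truncated = SOI + b"\xe0" + b"no footer here"
    return filler + jpg1 + filler + jpg2 + filler + truncated, jpg1, jpg2

if __name__ == "__main__":
    image, _, _ = build_sample_image()
    # Hash the evidence before processing so later copies can be compared against it.
    print("image sha256:", hashlib.sha256(image).hexdigest())
    for offset, data in carve_jpegs(image):
        digest = hashlib.sha256(data).hexdigest()[:16]
        print(f"offset {offset:#x}: {len(data)} bytes, sha256 {digest}...")
```

A real JPEG with an embedded thumbnail contains an inner end-of-image marker, so this first-footer match would cut such a file short; the sketch shows the principle only.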