Disk Forensics P4

Disk forensics techniques are used to acquire a disk image and then process that image to find artifacts of interest, including deleted ones that are no longer reachable through the file system.

In this lab, a disk image file “evidence.img” is provided in the home directory of the root user (/root/). Somewhere on this image is a file containing the email address and phone number of the “evil” user. The email address is “evil@attacker.co.uk”, and the phone number is the flag for this lab.

Objective: Extract the files from the disk image using the bulk extractor tool and retrieve the flag!

We use bulk_extractor to carve features out of the image. It scans the raw bytes rather than walking the file system, so allocated and unallocated space are covered alike, and it writes one feature file per artifact type (email.txt, telephone.txt, url.txt, ...) into the output directory:

bulk_extractor evidence.img -o output

Depending on the image size, the extraction will take some time...

Instead of checking every feature file manually, I’ll grep the output directory for the known email address (searching the output directory rather than the whole working directory avoids matching the raw image itself):

grep -irn 'evil@attacker.co.uk' output --color

And there we have the flag: +912999949811
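The grep above relies on the phone number happening to sit in the context column of the email hit. A more reliable way to tie the two together is to use the byte offsets bulk_extractor records in every feature file: each line is tab-separated as offset, feature, context, with comment lines starting with '#'. The script below is an added example written for this page, not part of the original lab or of bulk_extractor itself. It builds a small constructed email.txt and telephone.txt (the offsets and the numbers in it are made up, not the real lab output), then looks up the phone numbers recorded within a few kilobytes of every exact hit on the target address.

```shell
#!/bin/sh
# Added example: correlate bulk_extractor feature files by byte offset.
# bulk_extractor writes one tab-separated feature file per scanner
# (email.txt, telephone.txt, ...): <offset><TAB><feature><TAB><context>,
# with comment lines starting with '#'. Offsets are byte positions in the
# image, so a phone number recorded near an e-mail hit is a strong candidate.

# Output directory to search (defaults to a fresh temp dir for the sample).
OUT="${OUT:-$(mktemp -d)}"

# Constructed sample feature files; the offsets, the phone numbers and the
# second address are made up and are NOT the real lab output.
write_sample_features() {
    {
        printf '# Feature-Recorder: email\n'
        printf '%s\t%s\t%s\n' 104857600 'evil@attacker.co.uk' 'Name: evil Email: evil@attacker.co.uk'
        printf '%s\t%s\t%s\n' 209715200 'alice@example.com' 'From: alice@example.com'
    } > "$OUT/email.txt"
    {
        printf '# Feature-Recorder: telephone\n'
        printf '%s\t%s\t%s\n' 104857650 '+440000000000' 'Phone: +440000000000'
        printf '%s\t%s\t%s\n' 314572800 '+15550100' 'Tel: +15550100'
    } > "$OUT/telephone.txt"
}

# Print the byte offsets at which the exact e-mail feature was recorded.
# Matching on the feature column avoids hits that only appear in the context.
email_offsets() {
    awk -F'\t' -v addr="$2" '/^#/ { next } $2 == addr { print $1 }' "$1/email.txt"
}

# Print telephone features recorded within WINDOW bytes of OFFSET.
phones_near() {
    awk -F'\t' -v off="$2" -v win="$3" '
        /^#/ { next }
        { d = $1 - off; if (d < 0) d = -d; if (d <= win) print $2 }
    ' "$1/telephone.txt"
}

# For every offset where EMAIL was found, list the phone numbers recorded
# within 4 KiB, de-duplicated. Usage: find_phone_for_email OUTDIR EMAIL
find_phone_for_email() {
    dir=$1; addr=$2
    for off in $(email_offsets "$dir" "$addr"); do
        phones_near "$dir" "$off" 4096
    done | sort -u
}

# Plain string search across all feature files, as on the page, but with the
# pattern treated literally (-F) so the '.' in the address is not a wildcard.
grep_features() {
    grep -rnF -- "$2" "$1"
}

write_sample_features
grep_features "$OUT" 'evil@attacker.co.uk'
find_phone_for_email "$OUT" 'evil@attacker.co.uk'
```

Against a real bulk_extractor run, point OUT at the output directory (`OUT=output sh script.sh`, skipping the sample writer) and widen or narrow the 4 KiB window depending on how the contact details are laid out in the file that produced them.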
