Forensic Mission 1

Learn to recover deleted files, analyze evidence, and see beyond the immediately obvious.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]
Posting these will result in warnings/bans!

Re: Forensic Mission 1

Post by Luis_1984 on Wed May 13, 2015 8:53 pm



Re: Forensic Mission 1

Post by Idletester on Thu May 14, 2015 6:07 pm

Hi Guys, Well I couldn't believe how simple this mission was but saying that it was fun even though easy.
A lot of you guys are thinking too hard. You are on about using Scalpel, OSFMount, Recuva and a shit load of other programs to try hacking what you are given when you download the Rar file.

The direction to arrive at the correct answer (the required password) has already been given on this forum so I won't go through it again, but don't overcomplicate the mission, it's easy, honestly! I did this in a very short time. In fact my cup of coffee was only half drunk and still warm when I finished it.

Looking forward to the next Forensic Mission. Good job HTS nice easy entry level for the HTS members that have never done forensic stuff before. Happy Hacking!


Re: Forensic Mission 1

Post by CryptoMind on Fri Jun 19, 2015 6:10 pm

At first sight, the mission looks like a complex one, but I realized it is not really that complicated. I used several tools on Kali; they all gave different results. Anyway, it is not hard to understand which file you need. For those who faced the "Red Herring", do not get stuck on one file, and about the archive: no need to unlock it. Think simple, and listen to Esqulax:
Esqulax wrote:..., just be REALLY nosy.


I will be waiting for next missions...
~"the quieter you become, the more you are able to hear"


Re: Forensic Mission 1

Post by NightArcher on Wed Jul 01, 2015 4:11 pm

Just completed this and it was really fun, thanks Limdis
"God wouldn't be up this late"


Re: Forensic Mission 1

Post by boriz666 on Wed Aug 12, 2015 9:13 am

Awesome mission limdis,
I love the details in the file hierarchy / files.

I used the sleuthkit tools as I love no-fuss command line tools that you can also use in scripting. Used it to make a nice hierarchy of files and serve them on an HTTP server in simple HTML.

The tools used in the toolkit, and in general:

  • fls
  • icat
  • perl

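An added example (not code from the post above, and in Python rather than the perl the poster used) of the scripting step between `fls` and `icat`: it parses `fls -r -p` output into an extraction plan, skips entries flagged `(realloc)` because their metadata may now belong to another file, and refuses paths that would escape the output directory. The listing, the image name `evidence.dd` and the output directory `out` are constructed for illustration.

```python
import posixpath
import re

# fls line: "<name type>/<meta type> [*] <address>[(realloc)]:<TAB><path>"
FLS_LINE = re.compile(
    r"^(?P<ntype>\S)/(?P<mtype>\S)\s+(?P<deleted>\*\s+)?"
    r"(?P<addr>[\d-]+)(?P<realloc>\(realloc\))?:\s+(?P<path>.+)$")

# Constructed sample of `fls -r -p` output (not taken from the mission image).
SAMPLE_FLS = "\n".join([
    "d/d 11:\tlost+found",
    "d/d 12:\thome",
    "r/r 13:\thome/notes.txt",
    "r/r * 14:\thome/old_budget.xls",
    "r/r * 15(realloc):\thome/tmp.dat",
    "r/r * 16:\t../escape.txt",
])

def parse_fls(text):
    """Turn fls output into dicts; '*' marks a deleted entry."""
    entries = []
    for line in text.splitlines():
        m = FLS_LINE.match(line)
        if m:
            entries.append({
                "addr": m["addr"], "path": m["path"],
                "is_file": m["mtype"] == "r",
                "deleted": m["deleted"] is not None,
                "realloc": m["realloc"] is not None})
    return entries

def safe_target(outdir, path):
    """Join path under outdir; None if the evidence path would escape it."""
    clean = posixpath.normpath(path)
    if clean == ".." or clean.startswith("../") or clean.startswith("/"):
        return None
    return posixpath.join(outdir, clean)

def extraction_plan(entries, image, outdir):
    """Return ([(icat argv, target path)], [skipped paths]) for regular files."""
    plan, skipped = [], []
    for e in entries:
        if not e["is_file"]:
            continue
        target = safe_target(outdir, e["path"])
        if target is None or e["realloc"]:
            skipped.append(e["path"])
            continue
        plan.append((["icat", image, e["addr"]], target))
    return plan, skipped
```

Each argv in the plan can be run with `subprocess.run(argv, stdout=open(target, "wb"))` on a machine where The Sleuth Kit is installed.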

Re: Forensic Mission 1

Post by luckily on Sun Sep 20, 2015 10:13 pm

I spent hours with this mission and finally noticed the file I originally downloaded was corrupted (tar.gz.part), and I kept trying to analyze it thinking it was part of the mission, lol.


Re: Forensic Mission 1

Post by tethys on Fri Feb 05, 2016 6:21 am

Yahoo! I managed too! :lol:

Yes, the answer was to use the right tool that made the challenge very easy. The tool's name is mentioned above in the thread by the moderator. ;)


Re: Forensic Mission 1

Post by Faithe25 on Sun Feb 07, 2016 1:41 pm

This mission was a lot of fun. I am getting ready to take a course in Digital Forensics, and this was a really cool intro. Hopefully, there will be a few more missions like this in the future!


Re: Forensic Mission 1

Post by Pure_Cadence on Sat Mar 19, 2016 8:27 pm

slaingod wrote: I had a good bit of fun working this one. I had been testing the new Kali Linux distro release and actually had a harder time trying to do this using DFF and Scalpel. I found using free Windows apps worked much faster. I used OSFMount and Recuva. I think as "limdis" stated, I had some issues with DFF being able to recover or display some of the files. But I don't have much experience with DFF. So don't take that to heart, I may just need to RTFM.

It was fun, but it seemed like a data recovery mission. Not really a forensics mission. We were not looking for who tried to erase her drive. We only were recovering data for the end user.

I believe the techniques are very similar, definitely. So this is a very good mission for practicing forensics techniques. I would like to see missions that are related to the investigation of a wide variety of "computer crimes".

I think this might be fun to try to design missions for this.

-Slaingod


Thanks for the OSFMount and Recuva references. I'd like to see more of these forensic challenges.


Re: Forensic Mission 1

Post by limdis on Tue Jul 12, 2016 10:13 am

We recently discovered and fixed an issue with Chrome altering the mission file. We have verified that there was not a security risk involved to the users. By default, Chrome does not handle tar.gz files properly and attempts to decompress them automatically. This is what caused the difference in MD5 checksums. If you downloaded the mission file recently with Chrome or Chromium the checksum should have been 8c0f08637940c581dc055f59b502b747. I still suggest you redownload the file before attempting the mission now that this has been resolved. Good luck.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."

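An added example (not part of the posts above, and not HTS code) of checking an evidence download before analysis. It covers the two failure modes reported in this thread: a browser stripping the gzip layer from a tar.gz, and an unfinished .part download. The sample archive is built in memory and its hash stands in for the published checksum.

```python
import gzip
import hashlib
import io
import tarfile
import zlib

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def classify(data):
    """Identify the container from magic bytes, not from the file name."""
    if data[:2] == b"\x1f\x8b":          # gzip member header
        return "gzip"
    if data[257:262] == b"ustar":        # tar magic in the first header block
        return "tar"
    return "unknown"

def check_download(data, expected_md5):
    """Compare against the published hash and explain a mismatch."""
    if md5_hex(data) == expected_md5:
        return "ok"
    kind = classify(data)
    if kind == "tar":
        return "decompressed-in-transit"   # gzip layer was stripped
    if kind == "gzip":
        try:
            gzip.decompress(data)          # walks the stream to its trailer
        except (EOFError, OSError, zlib.error):
            return "truncated-or-corrupt"  # e.g. an unfinished .part file
        return "hash-mismatch"
    return "unknown-format"

def build_sample():
    """Constructed stand-in for a mission archive: (tar.gz bytes, tar bytes)."""
    payload = b"constructed sample evidence\n"
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        info = tarfile.TarInfo("image/readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return gzip.compress(raw.getvalue(), mtime=0), raw.getvalue()

if __name__ == "__main__":
    good, stripped = build_sample()
    published = md5_hex(good)              # placeholder for the site's hash
    for label, blob in [("intact", good), ("auto-decompressed", stripped),
                        ("partial", good[: len(good) // 2])]:
        print(label, md5_hex(blob), check_download(blob, published))
```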
