Let's Defend - Linux Disk Forensics

Description Dean downloaded a cracked software application from an unofficial source and subsequently discovered that his personal data has been leaked. An investigation is now underway to determine the cause of the data leak and mitigate any potential damage. Tools Required: 1- FTK Imager 2- Notepad++ 3- Scripting Writeup Q1 What distribution system was used by the victim, including its version? Open the disk image in FTK Imager. Now we need to start investigating and find out the system and the version....

July 6, 2023 · 2 min · MMOX

Cyber Defenders - Sysinternals

Description A user thought they were downloading the SysInternals tool suite and attempted to open it, but the tools did not launch and became inaccessible. Since then, the user has observed that their system has gradually slowed down and become less responsive. Challenge Link: https://cyberdefenders.org/blueteam-ctf-challenges/55 Supportive Tools: Registry Explorer, Event Log Explorer, AppCompatCacheParser, VirusTotal, Web Cache View, FTK Imager, Autopsy Writeup Q1 1: What was the malicious executable file name that the user downloaded?...

April 15, 2023 · 3 min · MMOX

Let's Defend - LockBit

Description: You are a Digital Forensics and Incident Response (DFIR) analyst tasked with investigating a ransomware attack that has affected a company's system. The attack has resulted in file encryption, and the attackers are demanding payment for the decryption of the affected files. You have been given a memory dump of the affected system to analyze and provide answers to specific questions related to the attack. Q1: Using a memory dump analysis, can you determine the date and time that the device was infected with the malware?...

April 13, 2023 · 4 min · MMOX

Cyber Defenders - Patrick

Description This image was captured from an iPhone of a user who likes to play video games, especially Minecraft, and communicates with friends. But is this user doing something they shouldn't be? We need to identify any kind of anomalous behavior by this user. Challenge Link: https://cyberdefenders.org/blueteam-ctf-challenges/96 Supportive Tools: CyberChef, iLEAPP, dcode, DB Browser for SQLite, unfurl, MacForensics PList Deserializer Writeup Q1 1: Personal List! -> How many items were on Patrick's shopping list?...

December 8, 2022 · 5 min · MMOX

Cyber Defenders - XLM-Macros

Description Recently, we have seen a resurgence of Excel-based malicious Office documents. However, instead of using VBA-style macros, they are using older-style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack. Challenge Link: https://cyberdefenders....

December 6, 2022 · 4 min · MMOX