-
Sep 9, 2025
Scenario SOURCE: Digital Corpora (Note: Because packet capture files contain timestamps for each packet, this scenario needs to have a date and time when it takes place. This scenario takes place in Summer 2008. The date and time stamps are not relevant in solving the problem set.) You are a...
Tags: dfir, digital-corpora
-
Aug 29, 2025
At the beginning of the challenge, you can quickly realize that we are dealing with a Linux filesystem. Looking through the folders to see if we have any suspicious files we see recycle.bin. For those with a Windows background this may look familiar but remember that we are in a...
Tags: dfir, ctf-dfirlabs
-
Jul 15, 2025
(Image generated by ChatGPT) Unzipping the file shows another raw file, so let's search for a profile in Volatility: $ vol.py -f DFIRLABS.raw imageinfo Volatility Foundation Volatility Framework 2.6.1 INFO : volatility.debug : Determining profile based on KDBG search... Suggested Profile(s) : Win10x64_19041 AS Layer1 : SkipDuplicatesAMD64PagedMemory (Kernel AS) AS...
Tags: dfir, ctf-dfirlabs
-
Jun 1, 2025
(Image generated by ChatGPT) The Beginning to Suffering Volatility has always been one of those tools that was, like, cool, but I never saw true utility out of it other than running basic modules and having the output for the flag given to me. This challenge is definitely not that....
Tags: dfir, ctf-dfirlabs