Google Keep - Notes and Lists: Mobile Artifacts g4rud4 2021-06-18 Forensics / Android tl;dr Analysing Google Keep mobile artifacts. Tags: Android Google Keep DB Browser for SQLite ALEAPP
KarDi Bee X - Securinets Quals 2021 g4rud4 2021-03-22 Forensics / Memory tl;dr File recovery from the memory dump. Environment variables analysis. RAR and Zip password cracking. Cracking Windows user password hash. Extracting the KeePass master password from logged keystrokes. Tags: Volatility Windows Memory Analysis Securinets Quals
Be My Guest - UTCTF21 g4rud4 2021-03-15 Forensics / Network tl;dr Retrieving the flag from Samba SMB workgroup guest. Tags: UTCTF SMB
Hack Bob's Box - UTCTF21 g4rud4 2021-03-15 Forensics / Network tl;dr Anonymous login to FTP server. Retrieve SSH login username and password from Firefox history. Tags: UTCTF FTP Firefox History
Little Tricks - StarCTF 2021 g4rud4 2021-01-28 Forensics / Disk tl;dr Decrypt the BitLocker-encrypted drive and extract the flag from a deleted PDF. Tags: Disk Encryption Bitlocker StarCTF
PIP Install - Week 2 - Magnet Weekly CTF g4rud4 2020-10-20 Forensics / Android tl;dr Finding Picture-In-Picture application capability. Most recently viewed web activity in Picture-In-Picture application on the device. Tags: Magnet Weekly CTF ALEAPP Picture-In-Picture
Mapping the Digits - Week 1 - Magnet Weekly CTF g4rud4 2020-10-12 Forensics / Android tl;dr Finding the last modified timestamp of the file that maps names to IPs accessed. Tags: Autopsy Magnet Weekly CTF Android Forensics
LOGarithm - InCTF Internationals 2020 stuxn3t 2020-08-04 Forensics / Memory tl;dr Extract keylogger script from the memory dump. Extract the master key from the packet capture. Reverse the script to get the flag. Tags: InCTFi Windows Memory Analysis
Investigation Continues - InCTF Internationals 2020 stuxn3t 2020-08-04 Forensics / Memory tl;dr Extract the invalid login timestamp from the Windows registry. Extract the timestamp of when a JPEG was opened. Extract from the Windows registry the last run time of Google Chrome, which was pinned to the taskbar. Tags: InCTFi Volatility Windows Memory Analysis Windows Registry
Investigation - InCTF Internationals 2020 stuxn3t 2020-08-04 Forensics / Memory tl;dr Extract process last run time from the Windows registry. Extract process run count from the Windows registry. Tags: InCTFi Volatility Windows Memory Analysis Windows Registry