Forensics

CanYouSeeMe Challenge Description How about some hide and seek? This challenge focuses on metadata analysis. The flag is hidden within the metadata of an image file. Download Challenge wget https://artifacts.picoctf.net/c_titan/6/unknown.zip Extract the archive: unzip unknown.zip This gives us: ukn_reality.jpg Initial Analysis A good first step in forensic challenges is checking file metadata. Run: exiftool ukn_reality.jpg What is ExifTool? ExifTool is a powerful command-line utility used to read, write, and edit metadata from files such as: ...

Description If you can find the flag on this disk image, we can close the case for good! Download the disk image here. 🧠 Step-by-Step Breakdown: 📥 1. Download and Extract the Disk Image wget https://artifacts.picoctf.net/c_titan/63/disk.flag.img.gz gunzip disk.flag.img.gz 🕵️ 2. Open with Autopsy (Forensic Tool) Autopsy is a digital forensics platform that lets you: Mount and explore disk images Recover deleted files View metadata, file content, etc. 📂 3. Explore the Root Directory Once loaded into Autopsy, the disk image showed 3 files in the root directory: ...

Description Here’s a file that was recovered from a 32-bits system that organized the bytes a weird way. We’re not even sure what type of file it is. Download it here and see what you can get out of it Solution By using CyberChef the file was put into the input section. Then converted to hex for the “Swap Endianness” function under a word length of 4. After this, the hex looks more like a JPG with the correct ÿØÿà␀␐JFIF␀␁ magic bytes start. After the endianness was swapped and save the file . and it automatically saved with the exension of jpg . open this image and you finally get the flag . ...

Description Can you handle APKs? Download the android apk here. Solution wget https://artifacts.picoctf.net/c_titan/142/mobpsycho.apk unzip mobpsycho.apk grep -iR picoCTF * strings mobpsycho.apk | grep flag output res/color/flag.txtUT 🔍 Breakdown: grep -iR picoCTF * grep — Command-line tool to search for text patterns in files. -i — Makes the search case-insensitive (picoctf, PicoCTF, PICOCTF, etc.). -R — Recursively searches all directories and subdirectories starting from the current one. picoCTF — The string you’re searching for (often the format of a flag in Capture The Flag (CTF) challenges). ...