Breached plain

Easy - Digital Forensics

Overview

During an internal investigation, we identified a potential data breach involving an encrypted ZIP archive created by an employee using WinRAR 7.12. The archive contains files whose names match those of sensitive company documents. Two files with the same names were found outside the archive, but they contain personal data related to the employee's family and a Bitcoin address. We suspect the remaining encrypted files may hold confidential company data; they need to be reviewed to assess the extent of the breach.
Flag Format: Flag{}

Lab Details

Prerequisites & Requirements

  • Basic understanding of ZIP file encryption mechanisms (particularly ZipCrypto/PKWARE encryption)
  • Familiarity with command-line tools and terminal operations
  • Knowledge of cryptographic attacks, specifically known-plaintext attacks
  • Understanding of file compression algorithms (Deflate)
  • Basic forensic analysis skills for investigating potential data breaches

What will you learn?

  • How ZipCrypto (PKWARE Win32) encryption works and its vulnerabilities
  • Implementation of known-plaintext attacks against ZIP file encryption
  • Usage of bkcrack tool for breaking ZIP encryption keys
  • Understanding the importance of file compression in encryption attacks
  • How to create plaintext archives that match encrypted file structures
  • Forensic techniques for analyzing potentially breached data

Tools

  • zipinfo - For analyzing ZIP file structure and encryption details
  • bkcrack - A tool for performing known-plaintext attacks on ZIP files
  • WinRAR 7.12 - For creating properly compressed plaintext archives
  • Terminal/Command Line - For executing commands and file operations

Tags

  • Metadata
  • Data Recovery
  • Anti Forensics