Broken Bonds

Easy | Digital Forensics

Overview

During an investigation of a ransomware incident, analysts recovered an encrypted filesystem and a suspicious .pptx presentation left behind by the attacker. The ransomware binary itself has no obvious key or command-and-control behavior — everything points to a fully offline payload.

Lab Details

Prerequisites & Requirements

  • Basic understanding of file formats and structures
  • Familiarity with command-line tools
  • Knowledge of XML and its parsing

What will you learn?

  • How to investigate Microsoft Office file formats
  • Techniques for file format analysis
  • Methods for data extraction from compound document formats
  • Automated flag discovery in structured files

Tools

  • File archiving tools (unzip, 7zip)
  • Text editors or XML viewers
  • Command-line utilities (grep, find, etc.)
  • Optional: scripting language (Python, Bash)
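The script below is an added example, not part of the lab materials, showing the workflow the objectives and tools above describe: a .pptx is a ZIP container of XML parts (Open Packaging Conventions), so it can be unpacked with an ordinary archiver, walked part by part, parsed as XML, and searched. The package it inspects is a constructed stand-in built in memory; the part names follow the OOXML layout, while the contents and the DEMO{...} marker pattern are made up for the demonstration and say nothing about the lab's actual flag format.

```python
#!/usr/bin/env python3
"""Enumerate an OOXML (.pptx) package and search its XML parts for a pattern.

A .pptx is a ZIP archive of XML parts. This walks every part, parses the XML
ones (slides, notes, document properties), and reports each text node or
attribute value that matches a regular expression, together with the part
it was found in. Binary parts (images, fonts) are skipped.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"
A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"

# Constructed sample package standing in for a recovered presentation.
# Part names follow the real OOXML layout; the contents are invented.
SAMPLE_PARTS = {
    "[Content_Types].xml": (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/></Types>'
    ),
    # Document metadata: a common place for leftover strings.
    "docProps/core.xml": (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        '<dc:creator>sample-author</dc:creator>'
        '<cp:keywords>DEMO{metadata-placeholder}</cp:keywords>'
        '</cp:coreProperties>'
    ),
    # Visible slide text lives in a:t runs.
    "ppt/slides/slide1.xml": (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<p:sld xmlns:p="{P_NS}" xmlns:a="{A_NS}">'
        '<p:cSld><p:spTree><p:sp><p:txBody><a:p><a:r>'
        '<a:t>Your files are encrypted.</a:t>'
        '</a:r></a:p></p:txBody></p:sp></p:spTree></p:cSld></p:sld>'
    ),
    # Speaker notes are a separate part and are not shown on the slide.
    "ppt/notesSlides/notesSlide1.xml": (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<p:notes xmlns:p="{P_NS}" xmlns:a="{A_NS}">'
        '<p:cSld><p:spTree><p:sp><p:txBody><a:p><a:r>'
        '<a:t>note: DEMO{notes-placeholder}</a:t>'
        '</a:r></a:p></p:txBody></p:sp></p:spTree></p:cSld></p:notes>'
    ),
    # A binary part; the XML walker must skip it rather than crash.
    "ppt/media/image1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}


def build_sample_pptx() -> bytes:
    """Write the constructed parts into an in-memory ZIP, like a real .pptx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in SAMPLE_PARTS.items():
            zf.writestr(name, body)
    return buf.getvalue()


def list_parts(pkg: bytes) -> list[str]:
    """Equivalent of `unzip -l`: the part names inside the package."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        return sorted(zf.namelist())


def xml_strings(part: bytes):
    """Yield every non-empty text node, tail and attribute value of an XML part."""
    root = ET.fromstring(part)
    for el in root.iter():
        if el.text and el.text.strip():
            yield el.text.strip()
        for value in el.attrib.values():
            yield value
        if el.tail and el.tail.strip():
            yield el.tail.strip()


def search_package(pkg: bytes, pattern: str) -> list[tuple[str, str]]:
    """Return (part name, matched string) for every regex hit in any XML part."""
    rx = re.compile(pattern)
    hits: list[tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(pkg)) as zf:
        for name in sorted(zf.namelist()):
            data = zf.read(name)
            if not data.lstrip().startswith(b"<"):  # binary part, not XML
                continue
            try:
                strings = list(xml_strings(data))
            except ET.ParseError:  # malformed part: report nothing, keep going
                continue
            for s in strings:
                for m in rx.finditer(s):
                    hits.append((name, m.group(0)))
    return hits


if __name__ == "__main__":
    pkg = build_sample_pptx()
    print("parts:", *list_parts(pkg), sep="\n  ")
    for part, match in search_package(pkg, r"DEMO\{[^}]+\}"):
        print(f"{part}: {match}")
```

The same search over a real presentation is `search_package(open("deck.pptx", "rb").read(), pattern)`; walking text nodes and attribute values rather than grepping the raw ZIP matters because the parts are deflate-compressed on disk, so a plain `grep` on the .pptx file finds nothing.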

Job Positions

SOC Analyst

Tags

Metadata, File Carving, OS Artifacts, Incident Response, Data Recovery