The anoniy

MediumDigital Forensics

Overview

We have identified an internal threat responsible for breaching and leaking company data on anoniy.com. Our investigation indicates that the individual is using a password manager to store their credentials. However, we have been unable to locate the encryption key, rendering it inaccessible. We are requesting assistance in retrieving these credentials to support our ongoing investigation. Once the user has accessed the website he then immediately copied a password and used it, the password is a base64 encoded value, you need to use timeline analysis and retrieve his password Flag Format: Flag{password}

Lab Details

Prerequisites & Requirements

How to open and explore a disk image (a copy of a computer’s hard drive) using a forensic tool.
How to find important files in Windows, like browser history and clipboard data.
How to use simple database queries to look for evidence of user activity.
How to use Python to convert timestamps between formats.
How to connect the dots between different pieces of evidence.

What will you learn?

How to use forensic tools to look inside a disk image and find files.
How browsers like Microsoft Edge keep a record of websites visited, and how to read that record.
How Windows keeps a history of things copied to the clipboard, and why that matters for security.
How to match up times from different sources, even when they use different formats.
How to recover sensitive information (like usernames and passwords) from clipboard history.

Tools

FTK Imager: This is a program that lets you open and explore disk images. Imagine it as a super-powered file explorer for forensic work.
SQLite viewer : This lets us look inside database files (like browser history and clipboard data) and run searches or filters.
Python: A programming language we use for simple scripts, like converting timestamps from one format to another.

The anoniy

Overview

Lab Details

Job Positions

Tags