[Defcamp Quals 2024] [FORENSICS – FORENSICS-DISK] WRITE UP

Description

Can you recover the secret inside?

Files : forensics-disk.zip

Forensics Disks Challenge: Flag Extraction

This challenge revolves around forensic analysis of disk images to extract a flag. Three disk images were provided for analysis, and the goal is to find and visualize the flag hidden within these images.

Steps to Solve the Challenge

1. Understanding the Disk Images

The challenge provides three separate disk images named:

  • new_1.img
  • new_2.img
  • new_3.img

These disk images need to be mounted and analyzed to search for hidden files, strings, or any important metadata that could reveal the flag.

2. Mounting and Analyzing the Images

Each disk image was mounted to examine its file system and contents. Common tools for this type of analysis include Autopsy, foremost, and binwalk, which can help recover deleted files or analyze the structure of the file system.

3. Visualizing the Content

Upon visualizing the content of the images, strings of interest were discovered across the disk images. After exploring all three images, a picture resembling the format of a typical CTF flag was found.

4. Flag Discovery

The flag was successfully retrieved after reviewing the contents of the images. It was found in the form:

CTF{232293r-32dcvg33-beskdkfe}
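
A minimal version of the scan that tools such as foremost or binwalk perform, as an added example that is not part of the original write-up: it reports file signatures and flag-formatted strings by offset in a raw image and carves a PNG by walking its chunks. The signature table, the flag pattern, the function names and the sample buffer are assumptions constructed for illustration; the write-up does not state the picture's actual format.

```python
import re
import struct
import sys
import zlib

# Assumed signature table: magic bytes of formats worth carving.
SIGNATURES = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff", "zip": b"PK\x03\x04"}
# Assumed flag pattern: printable ASCII between CTF{ and }.
FLAG_RE = re.compile(rb"CTF\{[^}\x00-\x1f\x7f-\xff]{1,64}\}")

def scan_image(data: bytes):
    """Return (sorted signature hits, flag hits) as lists of (offset, value)."""
    sigs = []
    for name, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            sigs.append((pos, name))
            pos = data.find(magic, pos + 1)
    flags = [(m.start(), m.group().decode("ascii")) for m in FLAG_RE.finditer(data)]
    return sorted(sigs), flags

def carve_png(data: bytes, offset: int):
    """Walk PNG chunks from offset to IEND; return the file bytes or None if truncated."""
    pos = offset + 8  # skip the 8-byte signature
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + body + 4 CRC
        if pos > len(data):
            return None
        if ctype == b"IEND":
            return data[offset:pos]
    return None

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample():
    """Constructed buffer: padding, an IHDR+IEND-only PNG, a made-up flag string."""
    ihdr = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    png = SIGNATURES["png"] + ihdr + _chunk(b"IEND", b"")
    return b"\x00" * 512 + png + b"\x00" * 100 + b"CTF{constructed-sample}" + b"\x00" * 64, png

if __name__ == "__main__":
    # Pass image paths (e.g. new_1.img); with none, scan the constructed sample.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("sample", build_sample()[0])]
    for name, data in inputs:
        print(name, *scan_image(data))
```

Offsets are byte positions in the raw image, so hits inside unallocated or slack space appear even when the mounted file system shows nothing.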

Conclusion

By mounting and visualizing the contents of the three provided disk images, the flag was found and extracted successfully. This process involved scanning for hidden files and reviewing the strings within the images.


Final Flag:

  • Flag: CTF{232293r-32dcvg33-beskdkfe}

This write-up documents the approach used to solve the forensic disk challenge and retrieve the required flag.
