Digital Forensics L-1
Introduction
Welcome to the Forensics CTF Challenge! This challenge is designed to test and enhance your digital forensics investigation skills. You will analyze a provided disk image to uncover hidden artifacts, malware traces, system modifications, and forensic evidence.
How to Approach This Challenge?
• Use Autopsy forensic tools to investigate the disk image.
• Each question is based on real-world forensic analysis techniques used by SOC analysts and digital forensics experts.
• Hints are provided to guide you, but try solving without them first!
• Path is https://drive.google.com/file/d/1wU0RpBd3pREDaL_nooEadu2UHwpYV6OR/view?usp=sharing
Question 1.
What is the Device ID of evidence.
Question 2.
The hash of this evidence has been calculated? Yes or No.
Question 3.
How many png file’s in edr document which has been delete.
Question 4.
How many images in by Extension.
Question 5.
How many pdf’s are not deleted from the evidence.
Question 6.
What is the date of IMG_0911.jpg file created.
Question 7.
How many people in IMG_0723.jpg.
Question 8.
What is the Realm Name of OS Account.
Question 9.
How many files in msword.
Question 10.
What is the size of image3.png from the next firewall.pdf.
Question 11.
How many file’s are deleted from the file system.
Question 12.
How many files are download from the web.
Question 13.
How many Suspicious items from the evidence.
Question 14.
What is the Object ID of S-1-5-18.
Question 15.
What is the Size of evidence.