
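Open-Source Security Tools – The Digital Forensics Dog – Autopsy

Autopsy is an open-source digital forensics tool for analyzing hard disks and recovering files. It provides text access, file recovery, timeline analysis, browsing-history analysis for Chrome, Firefox and other browsers, keyword search, e-mail analysis and other features.

Digital forensics is a branch of forensic science that focuses on investigating and recovering the contents of digital devices, often in connection with computer crime. The term was originally a synonym for computer forensics, but it has since expanded to cover the investigation of every device capable of storing digital data. (From Wikipedia)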

https://github.com/sleuthkit/autopsy

https://autopsy.com

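Challenge:


Because the other challenges have the same or very similar descriptions, they are not included here.

This challenge comes with a Picture.dd file, which is used for all of the "What is Picture" challenges in RynyCTF.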

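Solution:

Step 1. The file is a .dd file, so open it with Autopsy and analyze the files inside it.

Figure (1) Open the .dd file with Autopsy, analyze it and locate the images in the file

Step 2. Start with the Image category, which shows most of the image files in this .dd file.

Figure (2) Open the Image category
Figure (3) The image Listing shows all of the images in Picture.dd

Step 3. Start with file1.jpg: it turns out that file1.jpg is Picture #1, so the answer to the first challenge has been found.

Figure (4) Click file1.jpg and look at the Application view to find Picture #1
Figure (5) Open File Metadata to view the MD5 value

Step 4. Then repeat the same steps in turn for file10.jpg, file8.jpg, file9.jpg, image_0.jpg, f0000000.jpg and f0000639.jpg under image to find pictures 3, 4, 5, 6, 7 and 9. Because there are so many, the MD5 values of these pictures are not shown here.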

Figure (6) f0000639.jpg is I AM PICTURE #3
Figure (7) f0000000.jpg is I AM PICTURE #4
Figure (8) file8.jpg is I AM PICTURE #5
Figure (9) file9.jpg is I AM PICTURE #6
Figure (10) file10.jpg is I AM PICTURE #7
Figure (11) image_0.jpg is I AM PICTURE #9
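
The steps above find each picture in the GUI and read its MD5 from File Metadata. As an added example (not part of the original write-up and not Autopsy's own code), here is a minimal header/footer JPEG carver that scans a raw .dd image and reports the offset and MD5 of each candidate, which can serve as an independent cross-check. The function names and the sample image bytes are constructed for illustration.

```python
import hashlib
import sys

SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first byte of the next marker
EOI = b"\xff\xd9"      # JPEG end-of-image marker
SECTOR = 512           # assumed sector size of the raw image

def carve_jpegs(data, max_size=20 * 1024 * 1024):
    """Return [(offset, md5_hex, length)] for each SOI..EOI span found in raw bytes.

    Naive carving: a JPEG with an embedded thumbnail, or one stored in
    fragments, is cut at the first EOI, so its MD5 will differ from the
    value a file-system-aware tool computes for the complete file.
    """
    results = []
    pos = 0
    while True:
        start = data.find(SOI, pos)
        if start == -1:
            break
        end = data.find(EOI, start + len(SOI), start + max_size)
        if end == -1:          # header without a footer in range: skip it
            pos = start + 1
            continue
        blob = data[start:end + len(EOI)]
        results.append((start, hashlib.md5(blob).hexdigest(), len(blob)))
        pos = end + len(EOI)
    return results

def build_sample_image():
    """Constructed 8-sector image holding two fake JPEG byte runs."""
    jpeg_a = SOI + b"\xe0" + b"A" * 100 + EOI
    jpeg_b = SOI + b"\xe1" + b"B" * 50 + EOI
    img = bytearray(SECTOR * 8)
    img[0:len(jpeg_a)] = jpeg_a
    img[SECTOR * 3:SECTOR * 3 + len(jpeg_b)] = jpeg_b
    return bytes(img), jpeg_a, jpeg_b

if __name__ == "__main__":
    if len(sys.argv) > 1:      # e.g. python carve.py Picture.dd
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data, _, _ = build_sample_image()
    for off, digest, length in carve_jpegs(data):
        print(f"offset={off} sector={off // SECTOR} size={length} md5={digest}")
```
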