Fundamentals 2: Forensics

by Alec Machlis

At a very high level, forensics is the science of extracting and preserving evidence. In a crime lab this means recovering clues from physical evidence collected at a crime scene; in cybersecurity it means recovering data from digital sources (files, disk images, memory dumps, packet captures) while preserving the original so the findings can be verified. Forensics touches many areas of computer science, but we will focus primarily on file forensics, with brief introductions to image steganography and network forensics.

Slides

Challenges

We will be solving beginner-level challenges from various sources, available on our platform: https://platform.acmcyber.com.

Once you have finished our challenges, check out the Forensic Challenges available at PicoCTF Gym: https://play.picoctf.org/practice?category=4&page=1

Resources

The following are great resources for Forensics challenges.

  • Stego Toolkit: Docker image with many steganography detectors and decoders pre-installed.
  • Aperisolve: Online image steganography detection tool; upload an image and it runs several analyses (bit-plane views, metadata, common stego decoders) for you.
  • Binwalk: Scans a file for the signatures (magic bytes) of other file formats embedded in it and can extract them.
  • Hexed.it: Online browser-based hex editor, for inspecting and patching raw bytes.
  • Wireshark: Packet analyzer used for network forensics, whenever you find a .pcap or .pcapng file.
  • Autopsy: Used for disk forensics, whenever you get a raw disk image.
  • Volatility: Used for memory dump forensics.
  • aconvert file detection: Online tool that identifies a file's format from its contents rather than its extension (the `file` command does the same locally).
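To make concrete what Binwalk and the file-detection tools above are doing, here is an added example (not part of the original page or of any of the listed tools) of the two core steps in file forensics: identifying formats by their magic bytes regardless of where they sit in a buffer, and carving an embedded file back out. The sample input is constructed inline: a stub carrying JPEG start/end markers with a real ZIP archive appended, the classic "there is an archive hidden in this image" challenge layout. The signature table and the trailer rules for JPEG, PNG and ZIP are the author's own small subset; binwalk ships hundreds of signatures.

```python
import io
import struct
import zipfile

# A small table of magic bytes (an illustrative subset; binwalk knows hundreds).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
    b"%PDF-": "pdf",
    b"\x1f\x8b\x08": "gzip",
    b"PK\x03\x04": "zip",
}


def find_signatures(data: bytes):
    """Return every (offset, kind) where a known magic sequence occurs, sorted by offset.

    An embedded file does not have to start at offset 0, so the whole buffer is
    scanned, not just the header. This is the detection half of `binwalk`.
    """
    hits = []
    for magic, kind in SIGNATURES.items():
        start = 0
        while (idx := data.find(magic, start)) != -1:
            hits.append((idx, kind))
            start = idx + 1
    return sorted(hits)


def _end_of(data: bytes, offset: int, kind: str) -> int:
    """Best-effort exclusive end offset of the file that starts at `offset`."""
    if kind == "jpeg":
        # EOI marker. Caveat: an EXIF thumbnail is itself a JPEG, so a real
        # photo can contain an earlier FFD9 and be cut short here.
        idx = data.find(b"\xff\xd9", offset)
        return len(data) if idx == -1 else idx + 2
    if kind == "png":
        # Final chunk is: 4-byte length, "IEND", 4-byte CRC.
        idx = data.find(b"IEND", offset)
        return len(data) if idx == -1 else idx + 8
    if kind == "zip":
        # End-of-central-directory record: 22 fixed bytes plus a comment
        # whose length is the little-endian u16 at byte 20 of the record.
        idx = data.find(b"PK\x05\x06", offset)
        if idx == -1 or idx + 22 > len(data):
            return len(data)
        (comment_len,) = struct.unpack_from("<H", data, idx + 20)
        return idx + 22 + comment_len
    # No trailer rule: take everything up to the next signature (or EOF).
    later = [off for off, _ in find_signatures(data) if off > offset]
    return later[0] if later else len(data)


def carve(data: bytes, offset: int, kind: str) -> bytes:
    """Cut the embedded file of type `kind` starting at `offset` out of `data`."""
    return data[offset:_end_of(data, offset, kind)]


def carve_all(data: bytes):
    """Return [(offset, kind, blob)] for every signature hit, like `binwalk -e`."""
    return [(off, kind, carve(data, off, kind)) for off, kind in find_signatures(data)]


def read_member(zip_blob: bytes, name: str) -> str:
    """Open a carved ZIP in memory and return one member as text."""
    with zipfile.ZipFile(io.BytesIO(zip_blob)) as zf:
        return zf.read(name).decode()


def build_sample() -> bytes:
    """Constructed sample, not from a real challenge: JPEG SOI/APP0 bytes, zero
    padding and an EOI marker (70 bytes, not a decodable image), followed by
    an appended ZIP containing flag.txt."""
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Fixed timestamp so the sample is byte-for-byte reproducible.
        info = zipfile.ZipInfo("flag.txt", date_time=(2024, 1, 1, 0, 0, 0))
        zf.writestr(info, "flag{example_only}")
    return jpeg_stub + buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for off, kind, blob in carve_all(sample):
        print(f"0x{off:06x}  {kind:5}  {len(blob)} bytes")
    zip_off = next(off for off, kind in find_signatures(sample) if kind == "zip")
    print(read_member(carve(sample, zip_off, "zip"), "flag.txt"))
```

Running it reports a JPEG at offset 0 and a ZIP at offset 70, then prints the flag from the carved archive. On a real challenge file you would get the same answer from `binwalk -e file.jpg` or from `unzip file.jpg` (unzip tolerates leading junk); the point of writing it by hand once is to see that "file type" is just a byte pattern, which is also why extension-based detection is useless and content-based tools like `file` are the ones to trust.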