Intro to Sleuthkit for Forensics (PicoCTF #39 'sleuthkit-apprentice')

Поделиться
HTML-код
  • Опубликовано: 29 окт 2024

Комментарии • 18

  • @yttos7358
    @yttos7358 2 года назад +8

    For those who want to do it on the command line you can use `icat` to `cat` out the contents of a specific inode. The inode he displayed in during autopsy was 2371, you also need to tell it the offset `-o` of the filesystem partition you are looking for (use mmls again) and then feed that to `iconv`
    So this is what I used at the end of it `iconv

    • @ductive
      @ductive Год назад

      You can do the same without iconv.

  • @lab-at-home
    @lab-at-home 2 года назад +1

    That is cool. When I solved this challenge I just extracted the filesystem with binwall and looked into the files, but this tool seems to be really cool

  • @harsh2314
    @harsh2314 2 года назад +3

    Your reactions were relatable... most of the time it needs a simple task for us to solve the problem but we can't just get it 😂

  • @moustafakashen3610
    @moustafakashen3610 2 года назад

    LOVE YOUR CONTENT!

  • @bladesvlogs4965
    @bladesvlogs4965 2 года назад

    Wow, that was impressive 👍

  • @lordspacecake5565
    @lordspacecake5565 2 года назад

    Awsome video, great tool to have.

  • @TigerWalts
    @TigerWalts 2 года назад +1

    Three hundred megabytes of hard drive capacity!
    What can that do for you?
    Three hundred file cabinets of storage capacity!
    That's right
    That's on one disk!
    You couldn't get close to that on a floppy disk

  • @h3bb1
    @h3bb1 2 года назад

    Hey John, thansk for the videos. They are both fun and super interesting.
    I wanted to ask you, do you have a video on what you are doing in the terminal at the end, when you echo out the flag and the finish command? Or is this maybe just basic terminal stuff?

    • @Stroopwafe1
      @Stroopwafe1 2 года назад

      It was in one of the earlier episodes in this series, where the solution was so simple he made those 2 commands. Can't remember exactly which one though, sorry

  • @shiv_sagar72
    @shiv_sagar72 2 года назад

    great video thnks man

  • @rasraster
    @rasraster 2 года назад +1

    Am I missing something obvious? Couldn't he have just decoded the hex in that flag.uni.txt file, right off the bat?

  • @feverwilly
    @feverwilly 2 года назад +2

    The WIndows version is better it was redone in Java in Windows.

  • @bhagyalakshmi1053
    @bhagyalakshmi1053 Год назад

    Codo automatically shell

  • @SphereofTime
    @SphereofTime 7 месяцев назад

    5:00

  • @Lacsap3366
    @Lacsap3366 2 года назад

    All I did in this challenge was to mount the root partition as a loop device by hand and just cat out the flag.uni.txt

    • @jorjo1061
      @jorjo1061 Год назад

      Yeah same but autopsy seems cool as well