Pitter, Patter, Platters

Point: 200

Category

Forensic

Question

'Suspicious' is written all over this disk image. Download suspicious.dd.sda1

Hint

• Hint 1: It may help to analyze this image in multiple ways: as a blob, and as an actual mounted disk.

• Hint 2: Have you heard of slack space? There is a certain set of tools that now come with Ubuntu that I'd recommend for examining that disk space phenomenon...

Solution

In this challenge I had to understand some my new knowledge about slack space. After searching for foresic tools, I found a tool is called Autopsy.

Flag

picoCTF{y0u_m4d3_1t_16f769e719ab9d3e310fd13dc1262ee1}