Magnet Forensics June 2022 CTF - Linux

This CTF was hosted by Magnet Forensics and was held on June 15, 2022, from 3 PM - 6 PM EST. Two datasets were provided - a Linux box and an iOS 15 FFS extract.

Tools I Used: Magnet AXIOM Examine v6.2.0.31740 and Autopsy v4.19.3

LINUX QUESTIONS:

I use print statements for my logging: What is the name of the utility/library the user was looking at exploits for?

Log4j

This question took much longer than I’d like to admit. I have no experience with Log4j so didn’t know what it was exactly. Apache Log4j is a Java-based logging utility. The answer was found in AXIOM > Web Related > Firefox Web History. Or: by using Autopsy to traverse the filesystem - home\rafael\snap\firefox\common\.mozilla\firefox\mcrcm1xn.default\places.sqlite in the table moz_places

Mischievous Lemur: What is the version ID number of the operating system on the machine? Format: XX.XX

21.10

The operating system version can be found in AXIOM > OPERATING SYSTEM > Operating System In
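The places.sqlite lookup described above for the Log4j question can also be run directly against an exported copy of the database. This is an added example, not part of the original post: the helper names and the sample rows are constructed for illustration, and it relies on Firefox storing visit_date as microseconds since the Unix epoch.

```python
import sqlite3
from datetime import datetime, timezone

def open_evidence(path):
    """Open an exported places.sqlite read-only so the evidence copy is not modified."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)

def prtime_to_utc(us):
    """Convert a Firefox PRTime value (microseconds since the Unix epoch) to ISO 8601 UTC."""
    return datetime.fromtimestamp(us / 1_000_000, tz=timezone.utc).isoformat()

def search_history(conn, keyword):
    """Return (utc_time, url, title) for every visit whose URL or title contains keyword."""
    rows = conn.execute(
        """
        SELECT v.visit_date, p.url, COALESCE(p.title, '')
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        WHERE instr(lower(p.url), lower(:kw)) > 0
           OR instr(lower(COALESCE(p.title, '')), lower(:kw)) > 0
        ORDER BY v.visit_date
        """,
        {"kw": keyword},
    )
    return [(prtime_to_utc(ts), url, title) for ts, url, title in rows]

def build_sample():
    """Constructed sample data holding only the columns queried above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (
            id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        INSERT INTO moz_places VALUES
          (1, 'https://example.test/search?q=log4j', 'log4j - Search'),
          (2, 'https://example.test/news', 'News'),
          (3, 'https://example.test/advisory', 'Apache Log4j advisory');
        INSERT INTO moz_historyvisits VALUES
          (1, 2, 1640995200000000),
          (2, 1, 1640995260000000),
          (3, 3, 1640995320000000);
    """)
    return conn

if __name__ == "__main__":
    for hit in search_history(build_sample(), "log4j"):
        print(*hit, sep=" | ")
```

Joining moz_historyvisits to moz_places lists every individual visit with its timestamp, which helps when the same URL was opened more than once.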