extension
Category: Development & Engineering; no API Key required

pentest-ctf-forensics

Digital forensics, steganography, and packet analysis for CTF challenges and investigations.

Author: jakexiaohubgithub

Pentest CTF Forensics

Purpose

Extract hidden information from various artifacts: memory dumps, network captures (PCAP), images, and disk images.

Core Workflow

  1. File Analysis: Identify file type, metadata, and embedded strings using file, exiftool, and strings.
  2. Steganography: Detect and extract hidden data in images/audio using steghide and stegsolve.
  3. Network Forensics: Analyze PCAP files for suspicious traffic and flag transmission using wireshark or tshark.
  4. Memory Forensics: Analyze memory dumps for processes, connections, and injected code using volatility.
  5. Data Extraction: Carve files and recover deleted data using foremost and binwalk.
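The steps above name external tools (file, strings, exiftool, binwalk, foremost). As an added illustration of what those tools actually do at the byte level, and not code from this skill or its author, the following Python script implements a miniature version of steps 1 and 5: it identifies a container by its magic bytes, pulls image dimensions out of a PNG IHDR chunk, extracts printable strings, searches for a flag pattern, and carves for embedded file signatures anywhere in the blob. The sample artifact (SAMPLE_BLOB), the signature table and the flag{...} pattern are all constructed for this example.

```python
import re
import struct

# Constructed sample artifact (not from the page): a minimal PNG header and
# IHDR chunk, filler, an embedded flag string, then a ZIP local-file-header
# signature appended after the image data, as often seen in CTF stego tasks.
SAMPLE_BLOB = (
    b"\x89PNG\r\n\x1a\n"
    + b"\x00\x00\x00\x0dIHDR" + struct.pack(">IIBBBBB", 4, 4, 8, 2, 0, 0, 0)
    + b"\x00" * 32
    + b"flag{constructed_example}\x00"
    + b"\x00" * 16
    + b"PK\x03\x04" + b"\x00" * 26 + b"secret.txt"
)

# Small magic-byte table (a constructed subset of what `file`/binwalk ship with).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"%PDF-", "PDF document"),
    (b"\x7fELF", "ELF executable"),
    (b"MZ", "PE executable"),
]


def identify(data: bytes) -> str:
    """Step 1: classify the container by its leading magic bytes (what `file` does)."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "data"


def png_dimensions(data: bytes):
    """Step 1 metadata: width/height from the PNG IHDR chunk (a slice of exiftool's output)."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n") or data[12:16] != b"IHDR":
        return None
    width, height = struct.unpack(">II", data[16:24])
    return width, height


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Step 1: runs of printable ASCII at least min_len long (what `strings` does)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, data)]


def find_flags(data: bytes, pattern: bytes = rb"flag\{[^}]*\}") -> list:
    """Grep the artifact for a CTF-style flag pattern (pattern is an assumption)."""
    return [m.group().decode() for m in re.finditer(pattern, data)]


def carve(data: bytes) -> list:
    """Step 5: locate every known signature at any offset (what binwalk/foremost do)."""
    hits = []
    for sig, name in MAGIC:
        start = 0
        while True:
            idx = data.find(sig, start)
            if idx < 0:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Run the whole file-analysis pass and return one report dict."""
    return {
        "type": identify(data),
        "png_size": png_dimensions(data),
        "strings": extract_strings(data),
        "flags": find_flags(data),
        "carved": carve(data),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BLOB).items():
        print(f"{key}: {value}")
```

Against the constructed blob the report shows a PNG container of 4x4 pixels, the strings IHDR, the flag and secret.txt, and two carved signatures: the PNG at offset 0 and a ZIP header at offset 103. The ZIP hit after the image data is the usual signal that a second file is appended to a picture and is what you would hand to binwalk -e or foremost on a real artifact.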

References

  • references/tools.md
  • references/workflows.md