Author: Thomas Quig
Slides
Required Files
Goal:
Give some basic insight to forensics CTF challenges.
Topics Covered:
- file formats
- network protocols
- steganography
- foremost
- wireshark
- stegsolve
How to Run this meeting:
- Give the presentation.
- Get people started on the tasks.
- Help people.
- Every ten minutes or so, demonstrate most of how to solve a challenge on the projector.
Description:
Why is forensics interesting?
- Generally makes you better at computers
- Generally makes you better at networks
- Extremely important in solving crimes (FBI)
What jobs exist?
- Incident Response
- Malware Analysis
- File Retrieval
- Tracking/Monitoring
- Government Agencies
How to gain more skill:
- Practice makes perfect
- Learn tools like Foremost, Wireshark, and Stegsolve
- Learn about networking
- Learn everything you possibly can about files
- Do the CTF challenges available for forensics (e.g. PicoCTF and this List of CTFs)
- Learn how to use Python as a tool for image manipulation, opening/handling files
- Practice Steganography - both sides of it
- Check out Router God’s Wireshark Videos
- Check out Trail of Bits’ Intro to Forensics