Week 09: Forensics

Author: Thomas Quig

Slides Required Files

Goal:

Give some basic insight to forensics CTF challenges.


Topics Covered:

  • file formats
  • network protocols
  • steganography
  • foremost
  • wireshark
  • stegsolve

How to Run this meeting:

  • Give the presentation.
  • Get people started on the tasks.
  • Help people.
  • Every ten minutes or so, demonstrate most of how to solve a challenge on the projector.

Description:

Why is forensics interesting?

  • Generally makes you better at computers
  • Generally makes you better at networks
  • Extremely important in solving crimes (FBI)

What jobs exist?

  • Incident Response
  • Malware Analysis
  • File Retrieval
  • Tracking/Monitoring
  • Government Agencies

How to gain more skill:

  • Practice makes perfect
  • Learning tools Like Foremost, Wireshark, and Stegsolve
  • Learn about networking
  • Learn everything you possibly can about files
  • Do the CTF challeges availible for forensics (I.E PicoCTF and this List of CTFs)
  • Learn how to use Python as a tool for image manipulation, opening/handling files
  • Practice Steganography - both sides of it
  • Check out Router God’s Wireshark Videos
  • Check out Trail of Bits’ Intro to Forensics