Disk, disk, sleuth!

Problem
Use srch_strings from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz
​dds1-alpine.flag.img.gz​
Solution
1.Extract the disk by running gunzip dds1-alpine.flag.img.gz.
2.Make sure autopsy is installed (sudo apt install autopsy).
3.Use the srch_strings command as suggested by the challenge and then search for picoCTF: srch_strings dds1-alpine.flag.img | grep picoCTF
Flag
picoCTF{f0r3ns1c4t0r_n30phyt3_a011c142}

Last modified 6mo ago