Disk, disk, sleuth!

Problem

Use srch_strings from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz

Solution

  1. Extract the disk by running gunzip dds1-alpine.flag.img.gz.

  2. Make sure autopsy is installed (sudo apt install autopsy).

  3. Use the srch_strings command as suggested by the challenge and then search for picoCTF: srch_strings dds1-alpine.flag.img | grep picoCTF

Flag

picoCTF{f0r3ns1c4t0r_n30phyt3_a011c142}

Last updated