Digital Forensics
Digital forensics is the art of recovering and analyzing evidence from digital sources. In CTFs, forensics challenges teach you to extract hidden information from image metadata, network packet captures, steganography, and disk images. You'll build a toolkit of command-line tools and learn to think like an investigator.
1. File Inspection and Metadata
Every file carries metadata that most people never think about. EXIF data embedded in images can reveal GPS coordinates, camera models, and comments with hidden flags. Tools like exiftool, strings, and file let you peek inside any file. Start here to build the habit of looking beyond the obvious.
2. Network Packet Analysis
Network traffic captures (pcap files) record every packet crossing a network interface. With Wireshark or tshark you can reconstruct TCP streams, inspect HTTP requests, and find credentials or flags buried in plaintext traffic. This is a core forensics skill used in real incident response work.
3. Steganography
Steganography hides secret data inside innocent-looking media files. A flag might be encoded in the least-significant bits of an image's pixels, appended after a file's official end-of-file marker, or hidden in the color channels of a PNG. Tools like zsteg, steghide, and stegsolve are your allies here.
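Two of the hiding places named above, data appended after a PNG's IEND chunk and a message in the least-significant bits of pixel samples, as an added example that is not part of the original course material. The PNG is constructed in memory and the LSB cover is a made-up byte array; both are assumptions for illustration only.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunks(data):
    """Yield (type, start, end) for each chunk; stops after IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # header + data + CRC
        yield ctype, pos, end
        pos = end
        if ctype == b"IEND":
            return


def trailing_data(data):
    """Return bytes appended after the IEND chunk (empty if none)."""
    for ctype, _, end in png_chunks(data):
        if ctype == b"IEND":
            return data[end:]
    return b""


def lsb_decode(samples, nbytes):
    """Rebuild nbytes of a message from the LSB of each sample, MSB first."""
    out = bytearray()
    for i in range(0, nbytes * 8, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)


def _chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample_png(trailer):
    """Constructed 1x1 RGB PNG with `trailer` appended after IEND."""
    ihdr = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
    idat = _chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))  # filter byte + RGB
    return PNG_SIG + ihdr + idat + _chunk(b"IEND", b"") + trailer


def lsb_encode(cover, message):
    """Constructed cover: write each message bit into the LSB of one sample."""
    out = bytearray(cover)
    bits = [(b >> (7 - k)) & 1 for b in message for k in range(8)]
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)
```

Running trailing_data() over a suspect image is the quick check for appended archives or text; lsb_decode() assumes one bit per sample in scan order, which is the simplest layout and the first one to try.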
4. Disk and File System Forensics
When you have a raw disk image, Autopsy and The Sleuth Kit let you walk the filesystem, recover deleted files, and examine partition tables, while binwalk carves embedded files and archives out of the raw bytes. These challenges mirror real-world digital forensics, where investigators analyze seized storage devices to reconstruct what happened.
5. Multi-Layer and Advanced Challenges
Real forensics investigations rarely involve just one technique. These challenges layer multiple forensics skills: file format quirks, embedded archives, Android APK analysis, and endianness-aware binary parsing. Work through them to solidify the full forensics toolkit.