---
title: FRIctf{forenzika}
author: DragonSec
patat:
  eval:
    figlet:
      command: figlet
      fragment: false
      replace: true
---

```figlet
FORENZIKA
FRIctf 2022
```

---

```figlet
KAJ JE FORENZIKA ?
```

* Steganography
* Analysis of memory dumps
* Analysis of TCP/UDP packets

Basically anything where some hidden piece of information has to be extracted.

---

```figlet
ANALIZA SLIK
```

* First, let's look at the image

```bash
feh images/PXL_20220920_141456208.jpg

# Let's look at the image's innards
carbon :: ctf/2022/frictf_forensics_presentation » hexdump -C images/PXL_20220920_141456208.jpg | head
00000000  ff d8 ff e1 dc 66 45 78  69 66 00 00 49 49 2a 00  |.....fExif..II*.|
00000010  08 00 00 00 0d 00 00 01  03 00 01 00 00 00 d0 0b  |................|
00000020  00 00 01 01 03 00 01 00  00 00 c0 0f 00 00 0f 01  |................|
00000030  02 00 07 00 00 00 aa 00  00 00 10 01 02 00 0b 00  |................|
00000040  00 00 b1 00 00 00 12 01  03 00 01 00 00 00 01 00  |................|
00000050  00 00 1a 01 05 00 01 00  00 00 bc 00 00 00 1b 01  |................|
00000060  05 00 01 00 00 00 c4 00  00 00 28 01 03 00 01 00  |..........(.....|
00000070  00 00 02 00 00 00 31 01  02 00 15 00 00 00 cc 00  |......1.........|
00000080  00 00 32 01 02 00 14 00  00 00 e1 00 00 00 13 02  |..2.............|
00000090  03 00 01 00 00 00 01 00  00 00 69 87 04 00 01 00  |..........i.....|
```

---

```figlet
EXIFTOOL
```

* A tool that extracts all the information an image/video/gif stores.
```bash
carbon :: ctf/2022/frictf_forensics_presentation » exiftool images/PXL_20220920_141456208.jpg | grep -i Date
File Modification Date/Time     : 2022:10:03 22:17:56+02:00
File Access Date/Time           : 2022:10:13 16:01:45+02:00
File Inode Change Date/Time     : 2022:10:03 22:17:56+02:00
Modify Date                     : 2022:09:20 16:14:56
Date/Time Original              : 2022:09:20 16:14:56
Create Date                     : 2022:09:20 16:14:56
GPS Date Stamp                  : 2022:09:20
Profile Date Time               : 2016:12:08 09:38:28
Create Date                     : 2022:09:20 16:14:56.208+02:00
Date/Time Original              : 2022:09:20 16:14:56.208+02:00
Modify Date                     : 2022:09:20 16:14:56.208+02:00
GPS Date/Time                   : 2022:09:20 14:14:55Z
```

---

```figlet
EXIFTOOL
```

```bash
carbon :: ctf/2022/frictf_forensics_presentation 130 » exiftool images/PXL_20220920_141456208.jpg | grep -i gps
GPS Latitude Ref                : North
GPS Longitude Ref               : East
GPS Altitude Ref                : Above Sea Level
GPS Time Stamp                  : 14:14:55
GPS Img Direction Ref           : Magnetic North
GPS Img Direction               : 295
GPS Date Stamp                  : 2022:09:20
GPS Altitude                    : 339.1 m Above Sea Level
GPS Date/Time                   : 2022:09:20 14:14:55Z
GPS Latitude                    : 46 deg 1' 53.06" N
GPS Longitude                   : 14 deg 29' 1.37" E
GPS Position                    : 46 deg 1' 53.06" N, 14 deg 29' 1.37" E
```

---

```figlet
FORENSICS == STRINGS & GREP :-)
```

```bash
carbon :: ctf/2022/frictf_forensics_presentation 1 » exiftool images/PXL_20220920_141456208.jpg | grep -i comment
Comment                         : ctf{yay_my_first_forensic_flag}
```

---

```figlet
CYBERCHEF
VOLATILITY
```

---

```figlet
APERISOLVE
WIRESHARK
```

---

```figlet
DELAVNICE
```

* @Pixel -> memory dump challenge
* @spanskiduh -> packet capture challenge

```figlet
VPRASANJA ?
```
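---

An added example that is not part of the original slides: a small Python JPEG segment walker showing how a tool like exiftool locates the APP1 Exif segment (the `ff d8 ff e1 dc 66 ... Exif..II*.` bytes in the hexdump above) and the COM segment it reports as `Comment`. The sample JPEG and its comment text are constructed inline here, not taken from the image in the slides.

```python
import struct

# Constructed sample (not the image from the slides): SOI, an APP1 Exif segment
# with a little-endian TIFF header, a COM segment, then SOS.
def build_sample_jpeg(comment: bytes) -> bytes:
    exif_payload = b"Exif\x00\x00" + b"II*\x00" + b"\x08\x00\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif_payload) + 2) + exif_payload
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    sos = b"\xff\xda" + struct.pack(">H", 2)  # scan data would follow in a real file
    return b"\xff\xd8" + app1 + com + sos

def walk_segments(data: bytes):
    """Yield (marker, payload) for every marker segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker ff d8")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        # The 16-bit big-endian length counts itself plus the payload,
        # e.g. 'dc 66' in the hexdump is a 56422-byte APP1 segment.
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos:#x}")
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:  # SOS: entropy-coded image data follows, no more metadata
            return
        pos += 2 + length

def extract_metadata(data: bytes) -> dict:
    """Report the Exif TIFF byte order and the COM text (exiftool's 'Comment')."""
    info = {"exif_byte_order": None, "comment": None}
    for marker, payload in walk_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            # 'II' = little-endian (Intel), 'MM' = big-endian (Motorola)
            info["exif_byte_order"] = "II" if payload[6:8] == b"II" else "MM"
        elif marker == 0xFE:
            info["comment"] = payload.decode("latin-1")
    return info

if __name__ == "__main__":
    sample = build_sample_jpeg(b"ctf{constructed_sample_comment}")
    print(extract_metadata(sample))
```

The same walker applied to a real file stops at SOS, so GPS and date tags inside the Exif TIFF structure still need a TIFF/IFD parser; this block only shows where exiftool finds them.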