Type: extension
Category: Development & Engineering. No API key required.

pentest-ctf-forensics

Digital forensics, steganography, and packet analysis for CTF challenges and investigation.

Author: jakexiaohub (GitHub)

Pentest CTF Forensics

Purpose

Extract hidden information from various artifacts: memory dumps, network captures (PCAP), images, and disk images.

Core Workflow

  1. File Analysis: Identify file type, metadata, and embedded strings using file, exiftool, and strings.
  2. Steganography: Detect and extract hidden data in images/audio using steghide and stegsolve.
  3. Network Forensics: Analyze PCAP files for suspicious traffic and flag transmission using wireshark or tshark.
  4. Memory Forensics: Analyze memory dumps for processes, connections, and injected code using volatility.
  5. Data Extraction: Carve files and recover deleted data using foremost and binwalk.
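As an added example (not part of the skill or its reference files), the file-analysis and carving steps in Python: identify a blob by its magic bytes like a minimal `file`, walk PNG chunks to find data appended after the IEND chunk (a common hiding spot in CTF images), and pull printable strings from that trailer like `strings`. The 1x1 PNG and the appended flag are constructed inline; the signature table is a small assumed subset.

```python
import re
import struct
import zlib

SIGNATURES = {  # small subset of what `file` knows (assumption: enough for CTF images)
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\xff\xd8\xff": "JPEG image",
    b"PK\x03\x04": "ZIP archive",
    b"\x7fELF": "ELF executable",
}

def identify(data: bytes) -> str:
    """Label a blob by its leading magic bytes, like a minimal `file`."""
    for magic, label in SIGNATURES.items():
        if data.startswith(magic):
            return label
    return "unknown"

def png_trailing_data(data: bytes) -> bytes:
    """Walk PNG chunks and return everything after IEND (b'' if nothing is appended)."""
    pos = 8  # skip the 8-byte PNG signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + payload + CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk found")

def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII, equivalent to `strings -n min_len`."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def analyze(data: bytes) -> dict:
    """File-analysis step: type, size of any PNG trailer, and strings inside it."""
    trailer = png_trailing_data(data) if identify(data) == "PNG image" else b""
    return {"type": identify(data), "trailing_bytes": len(trailer),
            "trailer_strings": printable_strings(trailer)}

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed sample: a valid 1x1 PNG with a fake flag appended after the IEND chunk.
SAMPLE_PNG = (
    b"\x89PNG\r\n\x1a\n"
    + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    + _chunk(b"IEND", b"")
    + b"\x00\x01flag{constructed_sample}\xff"
)
```

Running `analyze(SAMPLE_PNG)` reports the PNG type, 27 trailing bytes, and the one string hidden in them; a clean PNG yields an empty trailer.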

References

  • references/tools.md
  • references/workflows.md