ARPCON 2020 Forensics and Misc Challenge Write-up

Mrunal chawda
5 min readOct 12, 2020

Hello guys

I hope you liked the CTF and the virtual hacking conference.

I come directly to the point “ सीधी बात नो बकवास ”

Section : Forensics

1. Artifacts

description of this challenge : Here forensics experts got some artifacts of malware software (don’t worry file is not malware)
You need to find physical address and find this malware software folder path (not full path)

Flag format: arpcon{software/file/file.exe}

Here is a file : Ljones-musicfile.mp4 , it’s a shortcut file and you need to find physical address ….

could you directly parse the shortcut file ??? don’t do that , it’s a shortcut file of some video and you should be parse with .lnk

LEcmd Lnk is Explorer Command line edition. It’s is a tool to decode all available information contained in shortcut files found on Windows operating systems.

--

--

Mrunal chawda

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110