Hello guys
I hope you liked the CTF and the virtual hacking conference.
I come directly to the point: "straight talk, no nonsense".
Section: Forensics
1. Artifacts
Description of this challenge: forensics experts got some artifacts of a malware software (don't worry, the file is not malware).
You need to find the physical address and the folder path of this malware software (not the full path).
Flag format: arpcon{software/file/file.exe}
Here is the file: Ljones-musicfile.mp4. It's a shortcut file, and you need to find the physical address.
Could you parse the shortcut file directly? Don't do that: it's a shortcut to some video, so you should parse it as a .lnk file.
LECmd is the Lnk Explorer Command line edition. It's a tool to decode all available information contained in shortcut files found on Windows operating systems.
Command: LECmd.exe -f "D:\Computer forensic\tools\Ljones-musicfile.mp4.lnk" --all, and you will get lots of details.
(LECmd.exe and your file must be in the same folder.)
Use this MAC address, d0:50:99:82:33:6e, to open the zip file.
Then you get 97743AA9.pf.
The .pf extension is prefetch. Use the prefetch parser PECmd.exe.
The goal of PECmd (I think) was to provide a reliable, Windows-based prefetch parser that displays as much data as could be squeezed out of the files.
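For the .lnk step above, here is an added example (not from the write-up or from LECmd) showing where the MAC address actually lives: the TrackerDataBlock of a shortcut holds version-1 UUIDs whose last six bytes are the MAC of the machine that created the target, and whose leading fields encode a timestamp. The sample bytes are constructed here (machine name, time and the block layout are assumed), but the MAC is the value the write-up reports.

```python
import struct
from datetime import datetime, timedelta, timezone

TRACKER_SIG = 0xA0000003   # TrackerDataBlock signature (MS-SHLLINK 2.5.10)
TRACKER_SIZE = 0x60        # BlockSize is fixed for this block
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)  # UUID v1 epoch

def parse_v1_guid(guid: bytes):
    """(mac, timestamp) from a 16-byte on-disk GUID if it is a version-1
    UUID, else (None, None). The first three fields are little-endian;
    the node (MAC) is the last 6 bytes in order."""
    time_low, time_mid, time_hi = struct.unpack_from("<IHH", guid, 0)
    if time_hi >> 12 != 1:          # only v1 UUIDs embed a MAC
        return None, None
    ticks = ((time_hi & 0x0FFF) << 48) | (time_mid << 32) | time_low
    ts = UUID_EPOCH + timedelta(microseconds=ticks // 10)  # 100 ns ticks
    return ":".join(f"{b:02x}" for b in guid[10:16]), ts

def find_tracker_block(data: bytes):
    """Locate the TrackerDataBlock by its BlockSize+BlockSignature prefix.
    A byte scan is enough for a well-formed file and avoids walking the
    variable-length sections that precede the extra data blocks."""
    off = data.find(struct.pack("<II", TRACKER_SIZE, TRACKER_SIG))
    if off < 0 or len(data) - off < TRACKER_SIZE:
        return None
    blk = data[off:off + TRACKER_SIZE]
    machine_id = blk[16:32].split(b"\x00", 1)[0].decode("ascii", "replace")
    mac, ts = parse_v1_guid(blk[48:64])              # Droid file id
    birth_mac, birth_ts = parse_v1_guid(blk[80:96])  # DroidBirth file id
    return {"machine_id": machine_id, "mac": mac, "file_time": ts,
            "birth_mac": birth_mac, "birth_time": birth_ts}

def build_v1_guid(ts: datetime, clock_seq: int, mac: str) -> bytes:
    """Build an on-disk v1 GUID (used only to construct the sample)."""
    d = ts - UUID_EPOCH
    ticks = (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10
    head = struct.pack("<IHH", ticks & 0xFFFFFFFF, (ticks >> 32) & 0xFFFF,
                       (ticks >> 48) | 0x1000)
    node = bytes.fromhex(mac.replace(":", ""))
    return head + struct.pack(">H", 0x8000 | clock_seq) + node

SAMPLE_TIME = datetime(2021, 3, 14, 9, 26, 53, tzinfo=timezone.utc)

def sample_lnk() -> bytes:
    """Constructed stand-in for the tail of a .lnk file (not the challenge
    file); the MAC is the value the write-up reports."""
    droid = build_v1_guid(SAMPLE_TIME, 0x1234, "d0:50:99:82:33:6e")
    block = struct.pack("<IIII", TRACKER_SIZE, TRACKER_SIG, 0x58, 0)
    block += b"CTF-BOX".ljust(16, b"\x00")         # NetBIOS machine name
    block += bytes(16) + droid + bytes(16) + droid  # volume ids left zero
    return bytes(8) + block + struct.pack("<I", 0)  # 0 = terminal block
```

Run `find_tracker_block(open(path, "rb").read())` on a real shortcut to get the same MAC and creation timestamp that LECmd reports under its tracker data.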