PicoCTF2018 - Forensics - Recovering from the Snap

Objective: There used to be a bunch of animals[1] here, what did Dr. Xernon do to them?

Hints: (1) Some files have been deleted from the disk image, but are they really gone?

Solution: I used foremost to recover the files from the DD image.

Let's mount the DD to see what is visible to my OS:

    @kali:/$ sudo mkdir /mnt/disk_image
    @kali:/$ sudo mount -o loop -t auto /home/circusmonkey404/Downloads/animals.dd /mnt/disk_image

Let's see what's in there:

    kali:/mnt/disk_image$ ls
    dachshund.jpg  frog.jpg  music.jpg  rabbit.jpg

4 files named after animals.

Let's throw Foremost at it and see what it finds:

    kali:/mnt/disk_image$ ls
    dachshund.jpg  frog.jpg  music.jpg  rabbit.jpg

Let's check and see what foremost found:

    @kali:~/Downloads$ ls
    animals.dd  husky.png  incidents.json  output_Tue_Sep_24_10_45_31_2019  passwd
    @kali:~/Downloads$ cd output_Tue_Sep_24_10_45_31_2019/
    @kali:~/Downloads/
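
Why the mounted view and the carved view differ, as an added example that is not part of the original post: a header/footer JPEG carver, the basic idea behind tools such as foremost, run over a constructed buffer standing in for a disk image. The image layout, the `listing` dict (a stand-in for live directory entries) and the name `deleted.jpg` are assumptions made for the illustration.

```python
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def carve_jpegs(raw, max_size=10 * 1024 * 1024):
    """Return (offset, data) for each SOI..EOI span in the raw bytes.

    Only the bytes are scanned, never the directory, so data whose
    directory entry was removed is still found.
    """
    found, pos = [], 0
    while True:
        start = raw.find(JPEG_SOI, pos)
        if start == -1:
            return found
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:          # header with no footer in range: skip it
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, raw[start:end]))
        pos = end

def fake_jpeg(fill):
    # Constructed stand-in, not a decodable picture: SOI, APP0 byte, filler, EOI.
    return JPEG_SOI + b"\xe0" + fill * 100 + JPEG_EOI

def build_sample_image():
    """Constructed 8-sector image: one listed file, one with no directory entry."""
    image, listing = bytearray(SECTOR * 8), {}
    for name, sector, fill, live in [("frog.jpg", 2, b"F", True),
                                     ("deleted.jpg", 5, b"D", False)]:
        data, off = fake_jpeg(fill), sector * SECTOR
        image[off:off + len(data)] = data
        if live:               # deletion dropped the entry, not the data
            listing[name] = off
    return bytes(image), listing

def unlisted(raw, listing):
    """Carved spans that no live directory entry points at."""
    live = set(listing.values())
    return [(off, data) for off, data in carve_jpegs(raw) if off not in live]

if __name__ == "__main__":
    raw, listing = build_sample_image()
    for off, data in unlisted(raw, listing):
        print(f"unlisted JPEG at offset {off} (sector {off // SECTOR}), {len(data)} bytes")
```

On real images this simple span match cuts a picture short at the end marker of an embedded thumbnail and cannot reassemble fragmented files.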