Comments:
Hiiiii
I used binwalk too. It was quicker and easier using that than Autopsy because of the command line
Finally, I got your home address.
Great video, love the content. Thank you!
The SSH key wasn't a deleted file though
Love this Format Mighty Friend!
You can lead a horse to water
but ya can't always git'em to drink.
uh, he saw for the first time a kernel source tree 🙊
binwalk FTW!
can't wait for htb cyber apocalypse videos.
I like the 'short' informative videos like these. Thanks
"i need to look for keys" hovers over the key folder and moves on
the audio seemed low
at full volume was I able to hear anything
as always great vid
Great content John! Keep it up!
HOLY SHIT BRO YOU DONT EVEN KNOW HOW HELPFUL THIS WAS FOR ME HOMIE
Really like the alternate solution / additional extracurricular activity that you mention as applicable....
I did it with commands icat and fls....it was a lot hectic though!
I like using autopsy and we don't even do traditional forensics as my state requires you be a PI of all things to do that. But I do use it for data recovery and I even use a hardware write blocker. Probably seems like overkill but I never have to say that I may have changed something so if the end user wants to send it to Ontrack or some other place I can argue that we never changed anything.
Couldn’t you just mkdir image; mount -t iso9660 -o loop disk.img image to mount the disk image and then use find to look for SSH keys and the like?
Nice one as always!
I love your content, but calling things a "gimmick" when they're far from it... that's... grating. :(
Watching this on the TV cast with my father fingers crossed 🤞 it's not too over my or rather our head(s).
Do you use Linux as a daily driver?
one easy way to remember the file permissions is to know that read is 4, write is 2, and execute is 1
so r-x will be
4+1=5
and rw- will be
4+2=6
👍
What's this GUI, I've used autopsy on windows and it wasn't a web app, had a much nicer GUI... Is it not available on Linux?
If you want to understand the rwx permission set, it's better to interpret it as binary.
Basically, we have 3 bits that each represent r, w, and x, respectively.
so, let's say I want read & execute, this translates to r-x, which translates in binary to 101, which then in turn converts to 4+1=5 in base10 :)
Watching this while failing the htb CTF xD only 8 challenges done, but I'm alone ^^
You are Epic
Briefly talks about Chmod three digit codes "you can look up resources on how this exactly works" then proceeds to explain how it exactly works lol thank you John, I love when you do that!
Great great video John, but dude you are like sonic speed lol barely catching up, which made this vid a 40 minutes show. But the point is this is great. May God bless you brother
Lol I just mounted the root partition as a loop device with losetup
thanks dude
Cool Video...here's a little script kiddie journey..enjoy ZHViLnNoL2FuVnpkSEJoYzNSbExtbDBMekkyWjNRMA