
Forensics

Overview

Digital forensics in Capture The Flag (CTF) challenges focuses on recovering hidden data, identifying system activity, and reconstructing events from captured evidence. These challenges mimic real-world investigations: you might analyze disk images, memory dumps, log files, or network traffic to uncover clues and retrieve flags.

The Forensics section of CTF.Support covers the essential areas of investigation:

  • File Analysis: Identify file types and extract metadata.
  • File Carving & Recovery: Carve data from memory dumps and files.
  • Office Files: Analyze macros, metadata, and embedded objects in Office documents.
  • Logs & System Artifacts: Examine logs, thumbcache, and RDP cache files for user activity.
  • Memory Forensics: Inspect RAM dumps to recover processes, credentials, and injected code.
  • Network Forensics: Reconstruct sessions, decode covert channels, and extract transferred files.
  • Browser Artifacts: Recover browsing history, cookies, and credentials from user profiles.

Each topic includes examples and tools to help you build practical forensic skills for competitions and investigations.