FCSC 2021 - Intro - Rituel en Chaine

Table of contents :

This step is a ritual in learning digital investigation. Find the flag in the attached file using the resources available.

disque.img (480M) : https://files.france-cybersecurity-challenge.fr/dl/rituel_en_chaine/disque.img.7z

sha256(disque.img) = c2320040e9404ae398ae28c33e9ea66598282a900c446914275b3247748e1250.

Files :

Solving the challenge

Here we have a disk image, ready for forensics analysis. Of course we could do a deep analysis of the disk, but it is useful to start by using the strings function, it can provide a lot of useful information.

Here, a simple strings -a disque.img | grep FCSC finds the flag in seconds:

$ strings -a disque.img | grep FCSC