RingZer0-20 - I made a dd of Agent Smith usb key
Forensics
I made a dd of Agent Smith usb key
The first thing we run is the command file
on the file
file 86b265d37d1fc10b721a2accae04a60d
Linux rev 1.0 ext2 filesystem data (mounted or unclean), UUID=91c0fd20-bd3d-44e3-bfbb-1c18a9c0a20b
This gives you an idea on what type of file you’re dealing with.
A quick google search let’s you know that the file is an image of something that you could mount.
Another thing that is useful to run if the command strings
strings 86b265d37d1fc10b721a2accae04a60d | less
This pretty much gave us the answer that we were looking for. Line 7 contains what we were looking for.
The flag is : FLAG-ggmgk05096