| name | pentest-ctf-forensics |
| description | Digital forensics, steganography, and packet analysis for CTF challenges and investigation. |
Pentest CTF Forensics
Purpose
Extract hidden information from various artifacts: memory dumps, network captures (PCAP), images, and disk images.
Core Workflow
- File Analysis: Identify file type, metadata, and embedded strings using file, exiftool, and strings.
- Steganography: Detect and extract hidden data in images/audio using steghide and stegsolve.
- Network Forensics: Analyze PCAP files for suspicious traffic and flag transmission using wireshark or tshark.
- Memory Forensics: Analyze memory dumps for processes, connections, and injected code using volatility.
- Data Extraction: Carve files and recover deleted data using foremost and binwalk.
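As an added example (not part of this skill's references), a small Python carver in the spirit of the file-analysis and data-extraction steps above: it names a buffer's type from magic bytes as `file` would, greps for the flag format, and cuts embedded PNG/JPEG/PDF/ZIP files out of a constructed sample image by header and trailer, the way foremost and binwalk scan for signatures. The signature table, the `flag{...}` pattern and the sample bytes are assumptions made for this example.

```python
import io
import re
import struct
import zipfile

# Header / trailer magic for a few formats (a small constructed subset of what binwalk/foremost know).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),  # trailer is the end-of-central-directory record
}

def identify(data):
    """Name the format whose magic the buffer starts with (the first thing `file` checks)."""
    for name, (header, _) in SIGNATURES.items():
        if data.startswith(header):
            return name
    return "unknown"

def find_flags(data, pattern=rb"flag\{[^}]*\}"):
    """Grep raw bytes for the CTF flag format (the pattern is an assumption)."""
    return [m.group().decode() for m in re.finditer(pattern, data)]

def carve(data):
    """Locate every known header and cut to its trailer; returns (offset, kind, bytes) sorted by offset."""
    found = []
    for name, (header, trailer) in SIGNATURES.items():
        start = 0
        while (pos := data.find(header, start)) != -1:
            end = len(data)  # no trailer found: carve to end of buffer, as foremost would
            t = data.find(trailer, pos + len(header))
            if t != -1:
                end = t + len(trailer)
                if name == "zip" and t + 22 <= len(data):  # EOCD is 22 bytes plus a comment
                    end = t + 22 + struct.unpack_from("<H", data, t + 20)[0]
            found.append((pos, name, data[pos:end]))
            start = pos + 1
    return sorted(found)

def _tiny_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("note.txt", "hidden")
    return buf.getvalue()

# Constructed sample "image": padding, a minimal PNG, a flag in slack space, a JPEG stub, then a zip.
SAMPLE_ZIP = _tiny_zip()
SAMPLE = (b"\x00" * 16
          + b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + b"\x00\x00\x00\x00IEND\xaeB`\x82"
          + b"junk flag{constructed_sample} more"
          + b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"\xff\xd9"
          + SAMPLE_ZIP)
```

`carve(SAMPLE)` yields the PNG at offset 16, the JPEG stub at 95 and the zip at 109, and `find_flags(SAMPLE)` returns the planted flag.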
References
references/tools.md
references/workflows.md