CTF Handbook

Overview

CTF Handbook

Home
Intro
Intro
Forensics
Forensics
- Overview Overview
  Table of contents
  - Topics
- File Formats
  File Formats
  - What are File Formats
- Metadata
  Metadata
  - What is Metadata
- Network Analysis
  Network Analysis
  - What is Wireshark
  - What is Packet Capture
- Steganography
  Steganography
  - What is Steganography
- Disk Imaging
  Disk Imaging
  - What is Disk Imaging
- Memory Forensics
  Memory Forensics
  - What is Memory Forensics
- Hex Editors
  Hex Editors
  - What is a Hex Editor
Cryptography
Cryptography
- Overview
- XOR
  XOR
  - What is XOR
- Substitution Cipher
  Substitution Cipher
  - What is a Substitution Cipher
  - Caesar Cipher/ROT 13
- Vigenere Cipher
  Vigenere Cipher
  - What is a Vigenere Cipher
- Hashing Functions
  Hashing Functions
  - What are Hashing Functions
- Modes of Operation
  Modes of Operation
  - What are Block Ciphers
  - What are Stream Ciphers
- RSA
  RSA
  - What is RSA
Web Exploitation
Web Exploitation
- Overview
- SQL Injection
  SQL Injection
  - What is SQL Injection
- Command Injection
  Command Injection
  - What is Command Injection
- Directory Traversal
  Directory Traversal
  - What is Directory Traversal
- Cross Site Request Forgery
  Cross Site Request Forgery
  - What is Cross Site Request Forgery
- Cross Site Scripting (XSS)
  Cross Site Scripting (XSS)
  - What is Cross Site Scripting
- Server Side Request Forgery
  Server Side Request Forgery
  - What is Server Side Request Forgery
- PHP
  PHP
  - What is PHP?
Reverse Engineering
Reverse Engineering
- Overview
- Assembly/Machine Code
  Assembly/Machine Code
  - What is Assembly/Machine Code
- The C Programming Language
  The C Programming Language
  - What is C
- Disassemblers
  Disassemblers
  - What are Disassemblers
- Debuggers
  Debuggers
  - What is GDB
- Decompilers
  Decompilers
  - What are Decompilers
Binary Exploitation
Binary Exploitation
- Overview
- Registers
  Registers
  - What are Registers
- The Stack
  The Stack
  - What is the Stack
- Calling Conventions
  Calling Conventions
  - What are Calling Conventions
- Global Offset Table (GOT)
  Global Offset Table (GOT)
  - What is the GOT
- Buffers
  Buffers
  - What are Buffers
  - Buffer Overflow
- Return Oriented Programming (ROP)
  Return Oriented Programming (ROP)
  - What is ROP
- Binary Security
  Binary Security
- The Heap
  The Heap
  - What is the Heap
  - Heap Exploitation
- Format String Vulnerability
  Format String Vulnerability
  - What is a Format String Vulnerability
FAQ
FAQ

Forensics

Forensics is the art of recovering the digital trail left on a computer. There are plenty of methods to find data which is seemingly deleted, not stored, or worse, covertly recorded.

An important part of forensics is having the right tools, as well as being familiar with using them. Approach forensics challenges with an open mind. It's not uncommon to have obscure CTF challenges hide flags in the darkest of corners!

Info

Unlike CTFs normally portray them, real-world forensics are rarely esoteric. For example, it might have you reassembling the boot partitions of a hard drive to recover it's data and file system. Thus, CTF forensics are normally puzzle, "brain-teaser" problems that aims to introduce a tool or method.

The Forensics Wiki is an extraordinary guide to many of the tools used. Give it a read if you're interested in this category!

Forensics

Topics