Job interview

Statement

You are invited to an interview for a forensics investigator position at the NSA. For your first technical evaluation they ask you to analyze this file. Prove to them that you’re a fitting candidate for this job.

Download Evidence File

Extract the evidence archive ch16.zip. This gives you the evidence as an E01 format file.

Now mount this image file.

First, install this tool for the task:

git clone https://github.com/ANSSI-FR/bmc-tools.git

cd bmc-tools

Now move your evidence file into this folder, then install ewf-tools:

sudo apt install ewf-tools

ewf-tools is a powerful suite of utilities designed for working with EnCase Evidence Files (E01). These files, used in digital forensics, capture bit-for-bit copies of storage devices and are commonly used to preserve and analyze evidence in forensic investigations. ewf-tools provides essential functionalities for mounting, extracting, verifying, and analyzing EnCase .E01 files, enabling investigators to handle these forensic images efficiently and securely.

The key utilities in the ewf-tools package allow users to mount .E01 images as virtual file systems, convert them to raw disk images for further analysis, verify their integrity, and retrieve metadata about the files. These tools support working with compressed and segmented .E01 files, making them indispensable for digital forensic professionals.

Whether you need to access the contents of a forensic image, extract raw data for deeper analysis, or ensure the integrity of critical evidence, ewf-tools provides a versatile and reliable set of tools for handling EnCase forensic images across different platforms, including Linux, macOS, and Windows.

Key Features:

  1. Mounting .E01 files as virtual file systems for easy access.
  2. Exporting raw disk images (e.g., .dd, .img, .raw) from .E01 files for further forensic analysis.
  3. Verifying image integrity to ensure the authenticity and integrity of forensic evidence.
  4. Extracting metadata about .E01 files, such as the size, segments, and other details.
  5. Cross-platform support, available for Linux, macOS, and Windows, offering flexibility for forensic professionals working in different environments.

Common Tools in ewf-tools:

  • ewfmount: Mounts .E01 files as virtual file systems.
  • ewfexport: Extracts raw disk images from .E01 files.
  • ewfinfo: Provides information about .E01 files.
  • ewfverify: Verifies the integrity of .E01 files.

By offering a robust set of tools for handling EnCase Evidence Files, ewf-tools is an invaluable resource for anyone involved in forensic investigations, enabling them to manage and analyze digital evidence effectively.
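The steps here go from mounting the image straight to bcache24.bmc, which is a Windows RDP client bitmap cache file kept in a user profile's "Terminal Server Client" folder. The following Python script is an added example, not part of the original write-up or of bmc-tools: it walks a mounted file system, lists RDP cache files by name, and records size and SHA-256 before you copy anything. The function names, the sample user "alice" and the placeholder bytes are constructed for illustration.

```python
import hashlib
import os
import re
import sys
import tempfile

# RDP client bitmap cache names: bcache2.bmc / bcache22.bmc / bcache24.bmc on
# older clients, Cache0000.bin, Cache0001.bin, ... on newer ones.
CACHE_NAME = re.compile(r"^(bcache\d+\.bmc|cache\d{4}\.bin)$", re.IGNORECASE)
CACHE_PARENT = "terminal server client"  # folder that holds the Cache directory

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large cache files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_rdp_caches(mount_root):
    """Return sorted (relative_path, size, sha256) tuples for RDP cache files."""
    hits = []
    for dirpath, _dirs, files in os.walk(mount_root):
        rel_dir = os.path.relpath(dirpath, mount_root)
        if CACHE_PARENT not in rel_dir.lower():
            continue  # skip look-alike names outside the RDP client folder
        for name in files:
            if CACHE_NAME.match(name):
                full = os.path.join(dirpath, name)
                hits.append((os.path.join(rel_dir, name),
                             os.path.getsize(full), sha256_file(full)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout with placeholder bytes (not real cache data)."""
    cache = os.path.join(root, "Documents and Settings", "alice", "Local Settings",
                         "Application Data", "Microsoft", "Terminal Server Client", "Cache")
    for folder in (cache, os.path.join(root, "Temp")):  # second one is a decoy
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, "bcache24.bmc"), "wb") as handle:
            handle.write(b"constructed placeholder")
    return root

if __name__ == "__main__":
    # With no argument the script runs on the constructed sample tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for rel_path, size, digest in find_rdp_caches(root):
        print(digest, size, rel_path)
```

Pass the directory where the file system inside the E01 image is mounted as the first argument; the reported bcache24.bmc is the file to copy into the bmc-tools folder.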

mkdir bcache24bmc
./bmc-tools.py -s bcache24.bmc -d bcache24bmc/ -v

Now go to the bcache24bmc folder, check all the images carefully, and find the flag.

Flag – RdP_l3av3s_Trac3S
