CSAW 2015 ~ Flash: Forensics 100

We were able to grab an image of a harddrive. Find out what’s on it.


This one had a super simple solution. So an image is just some snapshot of some hard drive, so you usually have to use some tool like volatility to dive into it and find flags. Before we do that make sure you always start with the basics. Lets search for the flag with strings.

strings flash_c8429a430278283c0e571baebca3d139.img grep flag


At the very bottom you can see the flag.

...against the world in arms; the black flag waved night and day from the
Over the chair they had thrown a red flag, and to the back of it they