Episode 10: iBeg to DFIR – Capture the Flag
In this episode, we are going to cover a very special event – Cellebrite’s first-ever “Capture the Flag” (CTF) exercise.
What is capture the flag?
In DFIR, it is a competitive exercise where you, as an examiner, are tasked with finding specific information or “flags” relating to device examinations and a specific scenario; based on a set of questions.
Our CTF involves four devices and our questions are designed to challenge your abilities as an examiner. It will help you learn and become more proficient in your own investigations and in Physical Analyzer.
This is a joint venture between Heather Mahalik, Ronen Engler, Paul Lorentz, Danny Garcia from training, and Matt Goeckel. There will be a range of questions, from very easy to very technically challenging, but everything is answerable no matter what level you are in your career as an examiner.
How To Register
- Our blog is the easiest way to help you through the process step by step.
- Join the first Cellebrite Capture the Flag Event.
- Use the decrypted password provided in the show.
- Download the four extractions.
- Try to join forces with other examiners or register as a team (up to 3 people are allowed per team).
For this event, Andrew Rathbun has given access to the digital forensics Discord channel where there is a specific channel set for Cellebrite CTF Here it is possible to look for groups and teams to join.
When The CTF Event Will Take Place
The CTF event will be held from October 26, 2020, until October 29, 2020. Don’t forget to download the extractions beforehand to get a head start before the questions are opened to everyone.
Types Of Extractions
The event will include different types of extractions for iOS devices, Android devices, Android file-based encryptions, and more. This gives the users a real-life experience of different data stored in different ways.
Do You Need Cellebrite Physical Analyzer?
We have extracted four devices from four different people. You can download, open, and process these extractions with your preferred tool.
If you need or want access to Cellebrite Physical Analyzer and do not have a current license, we will be offering a free, 30-day license. Follow the steps in the blog for installation if you do not already have Cellebrite Physical Analyzer.
For any questions related to the Cellebrite Capture the Flag (CTF) event, listen to the full podcast, check out the blog, connect on social, or contact us at CTF@cellebrite.com
Register for the next iBeg to DFIR episode here.