Final CTF 2022 Round Up
At Cellebrite, we want to provide access to our CTFs to enhance what you already know and, hopefully, teach you something new with each challenge. This year Ronen Engler ran the CTF adventure, and he welcomed customers and students to help create questions.
Whether you are new to DFIR or a seasoned veteran, this CTF had something for you to learn. The questions were written so that some were easier, while others were extremely challenging but not impossible. Our hope was that you had fun and enjoyed the effort we put into creating solid datasets that you can also use after the CTF for your own testing and validation needs.
It is OK if you were not able to answer all the questions, and if you missed the CTF altogether, don’t worry: we are providing the datasets and the walkthroughs so you can continue learning.
The datasets: Last year we introduced a PC into our scenario, and it stuck around. In addition, you will find an iOS backup file, Android extraction, and iOS extraction. NIST is hosting the CTF datasets here: https://cfreds.nist.gov/all/Cellebrite/Cellebrite2021CTF
We wrote a blog post for each dataset that includes walkthrough solutions.
Read and follow the previous walkthroughs at the following links:
- Part 1: https://cellebrite.com/en/part-1-ctf-2022-write-up-marshas-pc/
- Part 2: https://cellebrite.com/en/part-2-ctf-2022-write-up-heisenbergs-android/
- Part 3: https://cellebrite.com/en/part-3-ctf-2022-write-up-marshas-ios-device/
- Part 4: https://cellebrite.com/en/part-4-ctf-2022-write-up-beths-ios-device/
For those who need instructions or help on leveraging Cellebrite Physical Analyzer or Inspector in an examination, please check out the following resources:
- Fundamentals Matter Webinars – Getting started in a mobile investigation, leveraging key capabilities, and digging deeper.
- Ask The Expert – Many videos on how to leverage Cellebrite solutions.
- Cellebrite Blog – Dive into key topics of interest.
- Tip Tuesday – Weekly tips provided by Heather Mahalik.
Stay tuned for the next CTF!