At Cellebrite, we want to provide access to our CTFs to enhance what you already know and, hopefully, teach you something new with each challenge. This year Ronen Engler ran the CTF adventure, and he welcomed customers and students to help create questions.

Whether you are new to DFIR or a seasoned veteran, this CTF had something for you to learn. The questions were written so that some were easier, while others were extremely challenging but not impossible.  Our hope was that you had fun and enjoyed the effort we put into creating solid datasets that you can also use after the CTF for your own testing and validation needs.

It is OK to not have been able to answer all the questions and if you missed the CTF altogether, don’t worry, we are providing the datasets and the walkthroughs for you to continue learning.

The datasets: Last year we introduced a PC into our scenario, and it stuck around. In addition, you will find an iOS backup file, Android extraction, and iOS extraction. NIST is hosting the CTF datasets here:

The Solutions:

We wrote a blog for each dataset to include walkthrough solutions.

Read and follow the previous walk-throughs at the following links:

For those who need instructions or help on leveraging Cellebrite Physical Analyzer or Inspector in an examination, please check out the following resources:

Stay tuned for the next CTF!

Share this post