At Cellebrite, we want to provide an annual CTF to enhance what you already know and hopefully teach you something new with each challenge.

Whether you are new to DFIR or a seasoned veteran, this CTF had something for you to learn. The questions were written so that some were easier while others were extremely challenging but not impossible.  

Our hope was that you had fun and enjoyed the effort we put into creating solid data sets that you can also use after the CTF for your own testing and validation needs.

It is OK to not have been able to answer all the questions and if you missed the CTF altogether, don’t fret, we are providing the datasets and the walkthroughs for you to continue learning.

The datasets: This year we introduced a PC into our scenario. Due to sizing, some images were split into multiple .E01 files and some could have existed as several .zip files for easy download so make sure to put the .zip files into the same directory for unzipping.

The Solutions:

We wrote a blog for each dataset to include walkthrough solutions.

Read the backstory in part 1 and follow the previous walk-throughs at the following links:

After writing the first four blogs, a new post was released featuring iLEAPP and how useful it is in this CTF. Watch the DFIRScience video here:

Beth’s iPhoneX:

MD5: 7094E2C584FCFBB1CCC346EBAB4D0A21

Heisenberg Note10:

MD5: DC68897A3F1690E9671048BDC75EBE8D

Marsha iPhoneX:

MD5: B5960A524E10469E6E6C01A6FAD1A917


MD5: E5D8DD9C223C3424B04A377E023E0D37

Marsha PC:

MD5: BB935C146EE6CB7B976D66902428C2BE

MD5: F1A11B91291EB09D27E2B7635CE9D777

MD5: C272FA79389D0A0A42E1F659998AD7AF

MD5: D0D9924BA82127453E044522FF8F2E1C

MD5: 2F843CF18B14F6C81C71A3DF2028F000

For those who need instructions or help on leveraging Cellebrite Physical Analyzer in an examination, please check out the following resources:

Stay tuned for the next CTF in 2022!

Share this post