Updated September 27, 2021

Why a CTF?

The annual Cellebrite Capture the Flag event is a great way for the DFIR community to come together and challenge themselves. Whether you are new to DFIR or a seasoned veteran, this CTF has something for everyone. The questions were written so that some are easier, and some are extremely challenging, but not impossible.  

We want you to have fun and enjoy the effort we put into creating solid data sets for you to use after the challenge ends for testing and validation. It is OK if you cannot answer them all; just do the best that you can.

Timeframe

From the moment you register, you will gain access to the datasets that must be downloaded prior to answering the CTF challenges.

Registration will close at 1:30 PM EDT on Sept. 27th! The password for the datasets is 02DB2ECE91DB67E8FA939FC3DC15D16B and is the same password for each zip.

Note: your email must be verified in order to play! If you are emailing from a non-work email, please introduce yourself with a Twitter, LinkedIn, or other option to show you are not a bot.

The CTF officially kicks off at 12:00 AM EDT on September 28th and runs until 11:59 PM EDT on October 1st.

The datasets: Upon registration, you will be able to download the 4 datasets required to start the CTF. The datasets are also available on our new CTF Community Group. This year we are introducing a PC into our scenario. Due to sizing, some images are split into multiple .E01 files and some may exist as several .zip files for easy download. Make sure you put the .zip files into the same directory for unzipping. If you experience issues, please reach out to ctf@cellebrite.com.

Ready Player One – The CTF has all the information you need after you register, as stated above.

Registration closes at 1:30 PM EDT on Sept. 27th!

After confirming your email, you will be taken to the CTF site and will have the option to either Create a Team or Join a Team. Teams are limited to 3 people and you will need to know the Team Name and Team Password in order to join an existing one.

Once the CTF starts and you are logged in, you will see the challenges categorized by the 4 datasets.

Preparing for the CTF:

You will need to download the forensic extractions of the 4 devices. Once you have the password, use it to extract the images from the .zip files, per the instructions above. There is only one passcode for all .zip files.

If you already have Cellebrite Physical Analyzer and Inspector, you can start processing the data. Two of the datasets are large and may take additional time.

If you do not have an active license or need a personal license, please log in to the Cellebrite Community and go to the Products & Licenses page and click on Start a trial. After you download and install Physical Analyzer, you will get a computer ID that you can use to generate your license.

Questions and Answers

Most questions are readily available; however, you will find you need to answer some to unlock others. Read each question carefully as you will not get unlimited attempts to answer. Make sure you note the format provided.

Unless otherwise specified in the answer, text will be case insensitive. Timestamps should be provided in UTC unless otherwise specified in the question. Dates should be entered in YYYY-MM-DD HH:MM:SS format.

Scoring

There are three levels of questions and the points are listed accordingly.

  • Level 1 – 10 points each
  • Level 2 – 20 points each
  • Level 3 – 50 or 100 points each

HINTS may be provided for Level 1 and Level 2. Keep in mind, you will lose points for using hints. Level 3 has NO hints!

Winners

Winners will be announced on Oct 2nd from the Cellebrite Twitter and LinkedIn accounts. We will be selecting 1 team (3 players max) and 5 individuals as winners. Winners will be awarded a Cellebrite CTF challenge coin.

Need Hints

We realize some of you may be new to Cellebrite and DFIR. The CTF team will be providing hints daily starting Sept. 28th on Twitter and LinkedIn so make sure to follow us. For those who need instructions or help on leveraging Cellebrite Physical Analyzer in an examination, please check out the following resources:

For issues, you can reach out to ctf@cellebrite.com.
