Bulk extractor

1. Introduction

In this lab, a disk image file ā€œevidence.imgā€ is provided in the home directory of the root user (/root/). There is a file on this image which contains the email and phone number of ā€œevilā€ user. The email of the user is ā€œevil@attacker.co.ukā€ and the phone number is the flag for this lab.

Extract the files from the disk image using the bulk extractor tool and retrieve the flag!

2. Bulk extractor

We have to use bulk_extractor to extract the files from the given image

bulk_extractor evidence.img -o output

It depense on the image size, but the extraction process will take some timeā€¦

3. Retrieve the flag

Instead of checking every file manually Iā€™ll use grep for a string search

grep -irn 'evil@attacker.co.uk' . --color

4. Summary

PreviousFilecarving with scalpelNextDisk acquisition with dd

Last updated

Was this helpful?