search

Bulk extractor

hashtag
1. Introduction

In this lab, a disk image file ā€œevidence.imgā€ is provided in the home directory of the root user (/root/). There is a file on this image which contains the email and phone number of ā€œevilā€ user. The email of the user is ā€œevil@attacker.co.ukenvelopeā€ and the phone number is the flag for this lab.

Extract the files from the disk image using the bulk extractor toolarrow-up-right and retrieve the flag!

hashtag
2. Bulk extractor

We have to use bulk_extractor to extract the files from the given image

bulk_extractor evidence.img -o output

It depense on the image size, but the extraction process will take some timeā€¦

hashtag
3. Retrieve the flag

Instead of checking every file manually Iā€™ll use grep for a string search

grep -irn 'evil@attacker.co.uk' . --color

hashtag
4. Summary

PreviousFilecarving with scalpelNextDisk acquisition with dd

Last updated

Was this helpful?