Solving Lost Flash Drive Challenge with ArtiFast Windows
19/01/2021 Tuesday
In this blog post, we will be solving a challenge designed by info-sec.box using ArtiFast Windows. The purpose of this challenge is to analyze an image acquired from a lost flash drive to find the flag (challenge). Below is the solution to the challenge, solved using ArtiFast.
Challenge Details
- Challenge Name - Lost Flash Drive
- Challenge Password - kjiIYFGsx76IOHK
- Image Info - Raw Image (Size:4 GB)
Getting Started with ArtiFast: Case Creation
After downloading the image and starting ArtiFast suite, create a new case by clicking on Case menu on the top-left side of the window, then New. Enter the Case information such as the case name, number and description as seen in the figure below.
Next, the data source needs to be selected by clicking on the Add button on the right most side of the window. ArtiFast supports parsing of various evidence types; however, for this case, the Raw Image option should be selected. Fill out data source information such as the name and evidence path.
After you have created your case and added evidence for the investigation, at the Artifacts Parser Selection Phase, select all artifacts and click the Add button at the bottom right and Run.
Once ArtiFast parser plugins complete processing artifacts for analysis, it can be reviewed via "Artifact View" or "Timeline View", with indexing, filtering, and searching capabilities.
Finding the Flag
In the search bar next to the Timeline Filtering Panel button type "flag" and hit on the search button. The resulted entries will be displayed in the main workspace as seen in the figure below.
Right click on “zip” and select Extract Source. A pop-up message will appears on the screen when the file is extracted successfully.
Finally, navigate to the extracted file and unzip it. The answer is flag{its_adventure_time_yee_boi!!!}
