Try Hack Me: Intro to Digital Forensics Walkthrough

João Marcelo
Published in InfoSec Write-ups
4 min read · Sep 14, 2022


This is the first room that I chose to write about. I was postponing that, but finally I decided to start that journey.

So I randomly chose this room just because it looks interesting and funny. xD

This room shows us that in today’s digital world, a lot of the evidence in criminal investigations is found on different digital devices.

Digital forensics is responsible for analyzing and processing this digital evidence, helping to clarify what really happened in the situation.

In addition, this room introduces us to the basics of how to work with it.

Task 1

1 — Consider the desk in the photo above. In addition to the smartphone, camera, and SD cards, what would be interesting for digital forensics?

Thinking about the definition, that becomes easy! The only other digital device in the picture is the laptop.

Answer: Laptop

Task 2

Going deeper into the topic, this task presents the step-by-step process that a digital forensics investigator follows.

To answer the second task, we just need to find the answer in the text.

2 — It is essential to keep track of who is handling it at any point in time to ensure that evidence is admissible in the court of law. What is the name of the documentation that would help establish that?

Answer: Chain of custody

Task 3

It’s time to practice!

If you are working on a local machine, we first have to download and unzip the given material to complete this task.

I recommend you create a new directory before unzipping the file, just to keep things organized.

You can do this using the command “mkdir”, then running the command “unzip” on the downloaded file.

Now we’ll use two tools that let us view and work with the metadata of the files:

pdfinfo and exiftool

3.1 — Using pdfinfo, find out the author of the attached PDF file.

Let’s do it step-by-step

Step 0 — Install pdfinfo if you don’t have it.

If you don’t have pdfinfo installed, use the command:

“sudo apt install poppler-utils”

Step 1 — Run pdfinfo on ransom-letter.pdf using the command:

“pdfinfo ransom-letter.pdf”

Step 2 — Look for the Author in the result

Answer: Ann Gree Shepherd

3.2 — Using exiftool or any similar tool, try to find where the kidnappers took the image they attached to their document. What is the name of the street?

Step 0 — Install exiftool if you don’t have it.

If you don’t have exiftool installed, use the command:

“sudo apt install libimage-exiftool-perl”

Step 1 — Run exiftool on the image letter-image.jpg using the command:

“exiftool letter-image.jpg”

Step 2 — Look for the GPS Position in the result

Step 3 — Copy the GPS coordinates and search for them in Google Maps to find the street where the photo was taken (remember to change “deg” to ° when searching)

Answer: Milk Street
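
Step 3 above means rewriting exiftool's “deg” notation by hand. As an added example (not part of the original write-up or the room), the shell functions below convert a “GPS Position” line into signed decimal degrees that can be pasted into a map search as-is. The function names and the sample line are assumptions made for this example; the sample coordinates are constructed and are not the ones stored in the room's image.

```shell
#!/bin/sh
# Added example: turn exiftool's "GPS Position" value into decimal degrees.

# Constructed sample line in exiftool's default output format.
# These are NOT the coordinates stored in the room's image.
SAMPLE_LINE="GPS Position                    : 40 deg 26' 46.32\" N, 79 deg 58' 56.04\" W"

# dms_to_decimal COORD  ->  prints one coordinate as signed decimal degrees.
# Fails (non-zero status) if COORD is not deg/min/sec followed by N, S, E or W.
dms_to_decimal() {
    printf '%s\n' "$1" | LC_ALL=C awk -v sq="'" '
    {
        gsub("deg|" sq "|\"", " ")          # strip unit markers, keep numbers
        if (NF != 4 || $4 !~ /^[NSEW]$/) exit 1
        v = $1 + $2 / 60 + $3 / 3600        # minutes and seconds to degrees
        if ($4 == "S" || $4 == "W") v = -v  # south and west are negative
        printf "%.6f\n", v
    }'
}

# gps_to_maps LINE  ->  prints "lat,lon" ready to paste into a map search.
# Accepts either the full exiftool line or only the value after the colon.
gps_to_maps() {
    value=${1#*: }                          # drop the "GPS Position :" label
    case $value in
        *,*) ;;                             # need both latitude and longitude
        *) return 1 ;;
    esac
    lat=$(dms_to_decimal "${value%%,*}") || return 1
    lon=$(dms_to_decimal "${value#*,}") || return 1
    printf '%s,%s\n' "$lat" "$lon"
}

# Stand-alone run on the constructed sample: prints 40.446200,-79.982233
gps_to_maps "$SAMPLE_LINE"
```

exiftool can also print numeric coordinates itself through its -n option; the conversion above is for output that was already captured in the default format.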

3.3 — What is the model name of the camera used to take this photo?

Step 1 — Look for the “Camera Model Name” in the result

Answer: Canon EOS R6

And that’s it!

This is my first write-up and I loved it!

Thank you for your attention! If you guys have any suggestions or saw mistakes to fix, please tell me! I’m here to learn xD

See you!
