DISKO 2
Welcome back to the picoCTF write-up series. Today we'll look at the DISKO 2 challenge in the Forensics category.
Challenge Name: DISKO 2
Category: Forensics Medium
Description: Can you find the flag in this disk image? The right one is Linux! One wrong step and it's all gone!
This is the second challenge of the disk series; there is also a write-up for the first part.
First of all, let's look at the challenge.
We can see that a disk image (.dd) file is given. There is also a hint:
Hint: How can you extract/isolate a partition?
So we'll mount the .dd file in the Autopsy tool. If you are wondering what Autopsy is, you can find it here: [https://www.kali.org/tools/autopsy/](https://www.kali.org/tools/autopsy/).
Create a new case and mount the image.
After adding the image, we see that it has 2 partitions. We will add both partitions to our case.
First we will analyze the first partition.
Click ANALYZE → KEYWORD SEARCH → PicoCTF
BOOM! We found the flag
Flag : picoCTF{4_P4Rt_1t_i5_90a3f3d1}
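The hint asks how to extract/isolate a partition, which Autopsy did for us above. As an added example (not part of the original write-up), the sketch below does the same by hand: it reads the partition table, carves each partition out of the image, and runs a case-insensitive keyword search per partition. It assumes an MBR-partitioned image with 512-byte sectors; the function names and the sample image with its marker strings are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def parse_mbr(image):
    """Return (number, type, start_lba, sectors) for each used MBR entry."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        entry = image[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]                                    # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype and count:
            parts.append((i + 1, ptype, start, count))
    return parts

def extract_partition(image, start, count):
    """Isolate one partition's bytes (what dd skip=/count= would carve out)."""
    return image[start * SECTOR:(start + count) * SECTOR]

def search_partitions(image, keyword):
    """Case-insensitive keyword search, reported per partition."""
    needle, hits = keyword.lower(), {}
    for num, ptype, start, count in parse_mbr(image):
        data = extract_partition(image, start, count).lower()
        offsets, pos = [], data.find(needle)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(needle, pos + 1)
        hits[num] = (ptype, offsets)
    return hits

def build_sample_image():
    """Constructed 64-sector image: Linux (0x83) and FAT32 (0x0b) partitions."""
    img = bytearray(64 * SECTOR)
    def entry(ptype, start, count):
        return struct.pack("<B3sB3sII", 0, b"", ptype, b"", start, count)
    img[446:462] = entry(0x83, 8, 16)
    img[462:478] = entry(0x0B, 24, 32)
    img[510:512] = b"\x55\xaa"
    for off, marker in ((8 * SECTOR + 100, b"picoCTF{constructed_linux}"),
                        (24 * SECTOR + 40, b"picoCTF{constructed_fat}")):
        img[off:off + len(marker)] = marker
    return bytes(img)

if __name__ == "__main__":
    for num, (ptype, offsets) in search_partitions(build_sample_image(), b"PicoCTF").items():
        print(f"partition {num} type 0x{ptype:02x}: hits at {offsets}")
```

Reporting hits per partition together with the type byte lets you tell which partition a match came from, which matters given the description's note that the right one is Linux (type 0x83 in an MBR table).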