tl;dr

• Create a Linux profile for Ubuntu 18.04 (5.4.0-42-generic) in Volatility
• Use linux_bash plugin to get link to the repo and linux_find_file plugin to recover the filepath
• Decode the keyboard stream data to retrieve the flag

tl;dr

• Extract creation timestamp of a note from Google Keep Notes.
• Finding location, date & time from Slack Messages.
• Extract no. of tasks completed and created from Google Tasks.
• Finding secret code from Google Docs cache.
• Extract first opened timestamp of a Game.

tl;dr

• Extract User ID and Workspace ID of the Slack workspace participating.
• Extract the first & last 3 characters of text from the Anydesk Remote connected PC’s thumbnail wallpaper.
• Extract the type of filesystem of the USBs connected to the system.
• Extracting active duration of Voice Modulator application used by parsing Windows Activity timeline.

tl;dr

• Finding default browser and the top visited website.
• Extract timestamp, ID, Hostname of the TeamViewer FileTransfer session.

tl;dr

• Finding Chat application
• Extract unread message count from NTUSER.dat.
• Extract the last executed timestamp of the chat application.
• Extract the Version of the chat application.

tl;dr

• Analysing Google keep mobile artifacts.

tl;dr

• File recovery from the memory dump
• Environment variables analysis.
• RAR and Zip password cracking.
• Cracking Windows user password hash.
• Extracting Keepass Master Password from keystrokes of logged data.

tl;dr

• Retrieving the flag from Samba SMB workgroup guest.

tl;dr

• Anonymous login to FTP server.
• Retrieve SSH login username and password from Firefox History

tl;dr

• Decrypt the bitlocker encrypted drive
• extracting the flag from deleted PDF