- File recovery from the memory dump
- Environment variables analysis.
- RAR and Zip password cracking.
- Cracking Windows user password hash.
- Extracting Keepass Master Password from keystrokes of logged data.
- Retrieving the flag from Samba SMB workgroup guest.
- Anonymous login to FTP server.
- Retrieve SSH login username and password from Firefox History
- Decrypt the bitlocker encrypted drive
- extracting the flag from deleted PDF
- Finding Picture-In-Picture application capability.
- Most recently viewed web activity in Picture-In-Picture application on the device.
- Finding the last modified timestamp of the file that maps names to IP’s accessed.
- Extract keylogger script from the memory dump.
- Extract the master key from the packet capture.
- Reverse the script to get the flag.
- Extract Invalid Login timestamp from the windows registry.
- Extract the timestamp of when a JPEG was opened.
- Extract Google Chrome’s last run time which was pinned to taskbar from windows registry.
- Extract process last run time from the windows registry.
- Extract process run count from the windows registry.
- Decrypt the encrypted GPG file found in Outlook Express with the private key stored on the device.
- Decrypt the firefox saved passwords and log in to the website that the terrorist used.