Forget Me Not

Type your comment> @Vibhu025 said:

Is the zip file bigger than 100 MB

Yes

Congrats on the FB bjornmorten

I got the idea, the tools required but i’m unable to get it work …
Should i use an hypervisor such as KVM ?

Anyone having issues building this?

I got the file to work in the tool. But with no idea how to proceed. Does anyone have any tips?

@Y4m4t0 said:

I got the file to work in the tool. But with no idea how to proceed. Does anyone have any tips?

As a general rule, run the plugins and analyse the data.

Did you get it working following the instructions on the tool wiki page?

I used the tools to extract info.
After that i tried to squash out some things.
Without any succes

Spotted some interesting files but getting errors pulling them out.

Edit: Found a troll flag -_-

5 files of interest to us appear and plain text may not be a flag.

NVM

Type your comment> @clubby789 said:

Spotted some interesting files but getting errors pulling them out.

Edit: Found a troll flag -_-

I also found the troll flag … :neutral:

@Y4m4t0 said:

Type your comment> @clubby789 said:

Spotted some interesting files but getting errors pulling them out.

Edit: Found a troll flag -_-

I also found the troll flag … :neutral:

Probably irrelevant, given the dates.

Edit: Done. Was right under my nose for hours!

For something I saw in the first minutes, I had never given it a chance. I worked on another subject for hours. Fortunately it’s over. :neutral:

For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

@narwhal2 said:

For those having issues with the tool to remember things, check the version you are using. I found it works in 2.6 but not 2.4.

Using 2.6.1, needed to make some adjustments in the tool for it to be able to extract files.

Could someone leave a hint on which file I should be looking at? There are so many files

I’m losing my marbles on this one. I’ve tried the tool on a number of platforms (due to errors) and finally got it running on a fresh Kali VM, using a fork that supposedly addresses the issues I was running into with the stock version. I’m able to extract most of the filesystem, though many (not all) files I’m curious about appear to be zero filled. I’ve also used a separate tool for file carving to see if I missed anything. Still no luck. Anyone willing to lend a nudge?

Ok, tried everything on the extract tool but I still get nothing. I think I will need an hint :neutral:

i found a troll flag too (this_is_not…) - if anyone has any hints for next steps, i’d appreciate it!

I might have forgotten something, but you don’t need to extract any files.

When you go through the information you can get, just make sure you double-check everything against a few different sources. Dont make the mistake I made of googling it and thinking it was a rabbit hole. Look at some other places you can search for that kind of thing which you might use if you were an incident responder.