Did Nobody See?
| ID: | 2431 |
|---|---|
| 标题: | Did Nobody See? |
| 描述: | We recently obtained a triage image from a Windows laptop belonging to a suspected ransomware operator. The suspect used several anti-forensic techniques and managed to erase any form of web history. We suspect that we may be able to use data from DNS servers as evidence to tie the suspect to the operation. Unfortunately, the suspect was using a VPN. Can you find any DNS servers used during the VPN connection? The answer will be in the form of byuctf{ip.address} (there may be multiple answers, any valid IP address for the DNS server will work for the answer). 题目附件: https://pan.quark.cn/s/10ab69843f23 |
| 类型: | Forensics |
| 网站: | bugku |
| 题目链接: | https://ctf.bugku.com/challenges/detail/id/2603.html |
| 赛事: | BYUCTF2024 |
| 年度: | 2024 |
| Flag值: | byuctf{162.252.172.57} |
| writeup: | https://odintheprotector.github.io/2024/06/06/byuctf-forensic.html |