I had a lot of fun organizing this CTF. Just too much excitement. Many people have asked me to put out a write-up for the challenge, which had only 4 solves in the end. So I’ll be writing a short write-up.
From the challenge, one can work out that the user was “surfing the web and downloaded a mysterious file”.
So it is very clear what we should look for: we have to go through the browser history of the system and get the file. A plugin was recently published for the Volatility plugin contest: the Chrome plugin. It is a very powerful plugin that helps analyze various data related to the Chrome browser. In this case, we are going to use the chromehistory plugin.