forensics writeups

find forensics ctf writeups.

forensics writeups show how hidden data was recovered from images, PCAPs, memory dumps, and disk images — which tool revealed the flag and what the giveaway was. great for building a recon checklist.

search forensics writeups on ctftime

what forensics writeups cover

  • LSB steganography: writeups extract bits hidden in image pixels with zsteg or stegsolve.
  • embedded files: writeups use binwalk and foremost to carve a file out of another.
  • PCAP analysis: writeups follow TCP streams in Wireshark and export transferred objects.
  • memory forensics: writeups walk Volatility plugins (pslist, malfind, dumpfiles) to recover artifacts.
  • metadata: writeups pull the flag from EXIF / document metadata with exiftool.
  • encoded data: writeups find base64 or QR/barcode payloads inside files with strings and CyberChef.

read writeups after you've tried

writeups teach the most when you've already spent real time on a forensics challenge. if you're stuck mid-solve, get a spoiler-free hint first, then read a writeup to see the gap between your approach and the intended one.