Daily Blog #575: Solution Saturday 12/22/18 - DFVFS Challenge Solution

DFVFS Challenge Solution by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
I always love introducing new winners to the community and this week I get my wish. Please congratulate Bastien Lardy with his winning Python DFVFS submission!

The Challenge:
Write a python script using DFVFS that uses the source scanner function to enumerate partitions and shadow copies. It should then provide the ability to extract a file and provide its hash. What additional functionality you decide to add in from there will determine which answer is the most complete. If you need test images to code against consider the Defcon CTF images. 

The winning answer:
This is a python2 (I had issue with python3 and mediator...) script that reads an input disk image and searches (based on full path or regex filters), extracts or computes hash. If shadow copies exist, it will prompt a message whether to process those or not.

Also Read: Daily Blog #574

Post a Comment