CTF Meta
I am a huge fan of CTF challenges for learning, mostly because they are fun and difficult. Those two things are pretty hard to combine.
Forensics challenges can include a number of elements mixed together such as:
- Network (pcap files or other traffic logs)
- Recon (identifying random things, people, locations)
- Anti-forensic techniques
When looking through network challenges, there are a few basic types of challenges you can expect to see.
- A file is transferred
- A conversation occurs between two addresses
- A hidden channel is used to send information
- Something occurred and you must follow a series of events to get to the final answer
These challenges often involve adding another level of work beyond the initial discovery of the communication, whether adding stego, encoding, encryption or a custom network protocol.
Usually, the most important thing to do in the majority of these challenges is to identify the attacked host, the attacking host, and then find the channel in between. This means using the Statistics Menu, Knowing Normal, and being able to scroll through packet captures for hours.
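As an added illustration of the Statistics-menu triage described above (example code written for this page, not part of the original post), here is a small Python script that parses a classic pcap file, tallies bytes per endpoint and per conversation, and surfaces the busiest pair. It assumes a raw-IPv4 link type (101, no Ethernet header) and builds a constructed capture with RFC 5737 documentation addresses in which one UDP flow on an unusual port dwarfs the normal HTTPS and DNS traffic.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

LINKTYPE_RAW = 101  # pcap link type for raw IPv4 packets (no Ethernet header)

def ipv4_packet(src, dst, proto, sport, dport, payload_len):
    """Constructed sample packet: minimal IPv4 header, 4 bytes of ports, filler."""
    total = 20 + 4 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport) + b"\x00" * payload_len

def build_pcap(packets):
    """Wrap raw IPv4 packets in a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for i, pkt in enumerate(packets):  # record header: ts_sec, ts_usec, caplen, origlen
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

def parse_pcap(data):
    """Yield (src, dst, proto, sport, dport, caplen) for every record in the file."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # byte-swapped magic = big-endian file
    linktype, = struct.unpack_from(endian + "I", data, 20)
    assert linktype == LINKTYPE_RAW, "this example only parses raw IPv4 captures"
    off = 24
    while off + 16 <= len(data):
        caplen, = struct.unpack_from(endian + "I", data, off + 8)
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        ihl = (pkt[0] & 0x0F) * 4
        src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
        # TCP (6) and UDP (17) both put src/dst ports in the first 4 bytes after the IP header
        sport, dport = struct.unpack_from("!HH", pkt, ihl) if pkt[9] in (6, 17) else (None, None)
        yield src, dst, pkt[9], sport, dport, caplen

def triage(data):
    """Endpoint and conversation byte totals, like Wireshark's Statistics menu."""
    endpoints, convs = Counter(), Counter()
    for src, dst, proto, sport, dport, n in parse_pcap(data):
        endpoints.update({src: n, dst: n})  # both ends of the packet get the bytes
        a, b = sorted(((src, sport), (dst, dport)))  # unordered pair = one conversation
        convs[(a, b, proto)] += n
    return endpoints.most_common(), convs.most_common()

SAMPLE = build_pcap(  # constructed capture: HTTPS, DNS, and one chatty UDP channel
    [ipv4_packet("192.0.2.10", "198.51.100.20", 6, 51000, 443, 200)] * 5
    + [ipv4_packet("192.0.2.10", "192.0.2.1", 17, 51001, 53, 40)] * 3
    + [ipv4_packet("192.0.2.10", "203.0.113.7", 17, 51002, 4444, 1200)] * 4)
```

Calling triage(SAMPLE) ranks 192.0.2.10 as the top talker and its UDP exchange with 203.0.113.7 on port 4444 as the top conversation, which is where the hunt for the channel in between would start.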