picoCTF 2022 | Sleuthkit Intro Write-up

Challenge description

Download the disk image and use mmls on it to find the size of the Linux partition. Connect to the remote checker service to check your answer and get the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory.

Category: Forensics


As always, we start by downloading and decompressing the file. I used wget and gzip -d for these tasks.

Next, following the challenge’s description, I used the mmls disk.img to check for the size of the linux partition.

Looks like it’s 202752

Give that number to the checker program for the flag

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: