ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
PWD:3ECC2C9F723B2CA0F58FD042DC4A5E6112909ED4ABC919FAA0343463A39B634D
2
3
Evidence:https://d17k3c8pvtyk2s.cloudfront.net/CTF_Apple_iPhone_X_Juan_Mortyme_parts.7z.001
4
https://d17k3c8pvtyk2s.cloudfront.net/CTF_Apple_iPhone_X_Juan_Mortyme_parts.7z.002
5
https://d17k3c8pvtyk2s.cloudfront.net/CTF_Apple_iPhone_X_Ruth_Langmore.7z
6
https://d17k3c8pvtyk2s.cloudfront.net/CTF_Samsung_Galaxy_A10e_Tony_Mederos.7z
7
https://d17k3c8pvtyk2s.cloudfront.net/CTF_Samsung_Galaxy_S8_Rene_Gade.7z
8
9
Evidence FilePointsTitleQuestion
10
Tony Mederos10Extraction TypeWhat type of extraction is this? (Acronym or Full Wording)
11
Tony Mederos10Operating SystemWhat Android Version is this device running? (enter just numerical value)
12
Tony Mederos10CryptoWhat is the name of the Crypto Currency application?
13
Tony Mederos20Security PatchWhat Security Patch Level does this device have? (Date Format: MM-DD-YYYY for example: 12-30-2025)
14
Tony Mederos20Location Location LocationWas Tony looking for any houses, if so, in what city?
15
Tony Mederos20Job SearchWhat possible new job was Tony looking at?
16
Tony Mederos20Wallet IDWhats the Crypto Wallet ID?
17
Tony Mederos20NameWhat is **Scurvy**’s real name? (Given name only)
18
Tony Mederos50Auto Join WifiWas Auto Join enabled on CSIS? (Please note you only get one attempt)
19
Tony Mederos100Wifi PasswordWhat was the password for the Network of CSIS Mesh?
20
Juan Mortyme10Phone InformationWhat is the owner's mobile phone number? (10 or 11 digits only)
21
Juan Mortyme10Location AddressWhat is the owner's home street name? (just the street name, NO home address number, NO city, NO state, just street name)
22
Juan Mortyme20ActivationWhen was the phone first activated (after a wipe)?
format: MM-DD-YYYY
23
Juan Mortyme20VehicleName a vehicle make of which the device was connected to
24
Juan Mortyme20Location DetailsIn which city is the favorite starbucks located?
25
Juan Mortyme20DaytripWhat did I pick up from Montana?
26
Juan Mortyme20PrintingOn a document printed from this device, what is the 2nd word on the 3rd line
27
Juan Mortyme20Photo AnalysisAnalyze and determine the offset from UTC, enter numerics only (without UTC and no +/- for example: 2)
28
Juan Mortyme50(Audio) Recording LocationThere are multiple (Audio) Recordings, created by the user - on the device, a few of them are associated with different airports locations. Name the ICAO code of either one of the airports (format has 4 characters for example CYYZ for Toronto Pearson airport)
29
Juan Mortyme50IP AddressWhat is the IP Address the device was associated with - while connected to the WiFi network on August 14, 2020? (Standard IP Address format for example: 10.1.123.11)
30
Juan Mortyme100Financial SituationIn a financial app there is still a $ balance - what is that amount? (full amount with pennies for example: 12.34)
31
Ruth Langmore10Application AnalysisOn what date did Ruth want to be reminded to "Move the product"? (answer MM-DD-YYYY)
32
Ruth Langmore10Browser HistoryWhere did Ruth look up weather forcasts for? (answer must include city and state in this format - Washington, DC)
33
Ruth Langmore10CommunicationsWho is the owner/creator of the group named "OG Crew" across the devices?
34
Ruth Langmore20Device IdentificationWhich iOS version was running on the device at the time of acquisition? (answer with just the number - i.e. 12.3)
35
Ruth Langmore20Application AnalysisWhat is Ruth's user_id on TikTok? (answer is the string of numbers, not the user_name)
36
Ruth Langmore20Password RecoveryWhat is the password that can be used to access the link recovered from the locked notes? (answer is caSE SenSITive)
37
Ruth Langmore20Device StatusWhen was Ruth's iPhone last wiped? (Provide the date in the following format MM-DD-YYYY)
38
Ruth Langmore20PList AnalysisWhen was the WiFi for "Birchrunville_cafe-Guest" first connected (added) to Ruth's iPhone? The answer must be provide in localtime for the device. (UTC WILL NOT BE ACCEPTED). Answer must be in the following format MM-DD-YYYY HH:MM:SS (i.e. 12-18-2019 23:52:23)
39
Ruth Langmore20Application UsageHow much time did Ruth spend on TikTok on 07-25-2020?(Answer must be in this format 00:05:27)
40
Ruth Langmore20Application UsageHow did Ruth listen to the podcast titled "Episode 4: The Importance of Test Data" on this device? (Answer must be just the application name i.e. spotify)
41
Ruth Langmore20Application UsageRuth listened to a podcast titled "Episode 4: The Importance of Test Data" on this device. Once you determine how she listened to it, what is the item_pid for this podcast?
42
Ruth Langmore100Application Analysis_NotesWhat is the password to unlock the Notes on Ruth's device? (case sensitive - as all passwords should be!) You won't find the answer, but can draw clues to it. Google could help once you find the correct hint.
43
Ruth Langmore (Bonus)50Database AnalysisWhat is the link that was found in a locked note? (Hint: it is a good idea to use this link as it's a hidden flag and it's safe!)
44
Ruth Langmore (Bonus)50Financial InformationWhat is the routing number used by Ruth to make and receive payments for potentially illegal transactions? (ANSWER - do not include spaces. Just the numbers for the account)
45
Rene Gade10Social MediaWhat is the Snapchat username used by the device owner?
46
Rene Gade20User IdentificationWhen analyzing the device extraction, determine the Facebook username being used on this device by this user.
47
Rene Gade20User ActivityProvide the date the user of this device joined Zoom.
Answer must be entered in MM-DD-YYYY format Use the date associated to UTC+0 timezone for this flag.
48
Rene Gade20Database AnalysisWhat is the name of the database table that contains direct messages involving the instagram user id 38106270876?
49
Rene Gade20FilesRuth sent a video to Rene of a rocket launch. What is the size of the video file in bytes?
50
Rene Gade20MMS AnalysisThe hash value a8eb9547d95f569dfde4bceded3f9867 is associated to a file sent to Rene Gade. What is the timestamp of the MMS message associated with this file?

ANSWER MUST BE FORMATTED AS: MM-DD-YYYY HH:MM:SS - use the 24-hour clock and do not include time offset.

For example, for January 16, 2020 at 10:01:52 PM, the correct answer would be: 01-16-2020 22:01:52
51
Rene Gade20Application AnalysisWhat is the most recent Uber code received by the device?
52
Rene Gade50User IdentificationA ‘cashtag’ is an individual user’s Cash App username. Determine Rene Gade’s ‘cashtag’.
53
Rene Gade100Financial InformationRene sent Juan bank account information in a less than conventional manner. What is the Bank of America routing and account number sent to Juan?

ANSWER MUST BE FORMATTED AS: routing:account (no spaces, use colon to separate the numbers provided. For example: 1234567:1234567890
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100