{ "id": "9dc99760-5ce7-384c-bdb8-4f544300bab5", "name": "File Carving (Foremost)", "slug": "file-carving-foremost", "status": "published", "lab_type": "pta", "is_sample": false, "duration_in_seconds": 1800, "metadata": { "courses": [ "d150787c-c042-4e29-86ba-3e6312597ffa", "8d8f1728-bbf5-30ec-9e35-82b748bf966a" ], "pta_sdn": "1791", "pta_namespace": "attackdefenselabs", "learning_paths": [], "has_published_parent": true }, "session": null, "company": "a491bc32-c056-4946-9169-cc053387bada", "created": "2022-03-17T11:44:17.787596Z", "modified": "2023-12-08T19:40:24.342191Z", "is_beta": false, "lab_objectives": [], "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "learning_areas": [ { "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "name": "Cyber Security", "slug": "cyber-security" } ], "categories": [ { "id": "94b65232-279b-4f35-8754-80f47bbe42d3", "name": "Basics" }, { "id": "fd38d8ac-242a-4c0d-8c3d-2191bddc6f20", "name": "Disk Forensics" } ], "tags": [], "difficulty": "novice", "is_web_access": false, "is_lab_experience": false, "is_featured": false, "cve": null, "severity": null, "year": null, "classification": null, "external_url": "", "solution_video": "86545a38-1bdd-350e-a200-8efe89fa985e", "explanation_video": null, "description": "Disk forensics techniques are used to acquire the disk image, process this image to find artifacts of interest including deleted ones.\u00a0 \n\n\n \n\n\nIn this lab, a disk image file \u201cevidence.img\u201d is provided in the home directory of the root user (/root/). One of the JPEG files present on the disk contains the flag.\n\n \n**Objective:** Extract files from the given image using **[Foremost](http://foremost.sourceforge.net/)**\u00a0tool and retrieve the flag!\n\n \n\n\n \n\n\n**Guidelines:**\n\n* [viu tool](https://github.com/atanunq/viu) can be used to view image files on command-line interface (CLI).", "description_html": "

Disk forensics techniques are used to acquire the disk image, process this image to find artifacts of interest including deleted ones.\u00a0

\n

In this lab, a disk image file \u201cevidence.img\u201d is provided in the home directory of the root user (/root/). One of the JPEG files present on the disk contains the flag.

\n

Objective: Extract files from the given image using Foremost\u00a0tool and retrieve the flag!

\n

Guidelines:

\n", "tasks": "", "tasks_html": "", "published_date": "2022-06-23T15:57:57Z", "solutions": "The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-1791.pdf", "solutions_html": "

The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-1791.pdf

", "flags": [ { "name": "Flag ", "type": "short-text", "uuid": "176489aa-808a-4c14-a57f-0b8aa9619051" } ], "min_points_to_pass": null, "access_type": "default", "user_status": "unstarted", "user_lab_status": null, "user_status_modified": null, "user_flags": [], "global_running_session": { "id": "c3de86a5-32f0-4dbb-9511-a5a591515e52", "user_id": "5dde02c1-353c-4e44-af4d-e217c38efd6a", "lab": { "id": "ad7c1ba5-4f43-39d6-87fb-be25e6623608", "name": "XSS Attack with XSSer", "lab_type": "pta" }, "pta_url": "https://jznfpnoy8i385wsg90w9sfzb8.us-east-4.attackdefensecloudlabs.com", "last_started_at": "2024-06-21T18:53:01.159725Z", "terminated_at": null, "running_time": 4897, "metadata": { "layout": "en-us-qwerty", "region": "US-East", "context": { "parent_id": "ec4e1013-09f0-486a-acea-ee4936e2cf7f", "parent_name": "Web Application Penetration Testing: Introduction to the Web and HTTP Protocol", "parent_type": "course" } }, "status": "started", "created": "2024-06-21T18:53:01.159766Z", "modified": "2024-06-21T20:14:38.268878Z", "duration_in_seconds": 4891, "shutdown_time": 10800 } }