Part two of the DerbyCon DomainTools CTF write-ups. You can find yesterday’s coverage of all the Crypto challenges here. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Today: the forensics challenges!
One of the most frustrating things to do is shuffle through various USB drives, trying to remember which one you were using last (for persistent OS boots), or which one has the working version of operating system “X” or the right installer. This article covers how to take an external USB drive (whether a large thumb drive or an actual external hard drive) and turn it into a whizbang multi-OS booting device.
If you’re looking for a quick way to clean out unused drive space, Windows 7 and later have a built-in tool called Cipher that can handle that easily. To wipe all free space on a drive (the C: drive in the example below), just use the following syntax:
There are a lot of additional features to this tool (which you can review at the link above), but a scheduled task to wipe your free space on a regular basis can greatly reduce the probability of data recovery in the event your device is stolen. Consider it a standard part of your regular hygiene along with drive encryption.
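One way to set up the scheduled free-space wipe described above, as an added example that is not from the original post. The task name, the weekly schedule, the run-time limit and the drive letter are assumptions chosen for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example: register a weekly task that runs "cipher /w" against one drive.
# Assumptions (not from the original post): task name, schedule, time limit, drive letter.
$Drive    = 'C:'
$TaskName = 'WipeFreeSpace-C'   # hypothetical task name

# Refuse to register a task for a drive that does not exist on this machine.
if (-not (Test-Path -LiteralPath "$Drive\")) {
    throw "Drive $Drive not found; nothing registered."
}

# Use the full path so the task cannot pick up a different cipher.exe from PATH.
$cipher = Join-Path $env:SystemRoot 'System32\cipher.exe'

# cipher /w:<path> overwrites the unused space on the volume that holds <path>.
# Files that are still allocated are left alone.
$action = New-ScheduledTaskAction -Execute $cipher -Argument "/w:$Drive\"

# Weekly, at a time the machine is likely idle; the wipe can take hours on large volumes.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3am

# Run as SYSTEM so the task does not depend on a logged-in user or a stored password.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Catch up after a missed run (laptop was off) and stop a run that never finishes.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Hours 12)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings `
    -Description "Weekly free-space wipe of $Drive with cipher /w" | Out-Null

# Confirm the registration and show when the first wipe will run.
Get-ScheduledTask -TaskName $TaskName |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, NextRunTime, LastTaskResult
```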