TryHackMe: Intro to Digital Forensics
This is a write up for the Intro to Digital Forensics challenge room on TryHackMe. Some tasks may have been omitted as they do not require an answer.
Consider the desk in the photo above. In addition to the smartphone, camera, and SD cards, what would be interesting for digital forensics?
Answer: Laptop
It is essential to keep track of who is handling it at any point in time to ensure that evidence is admissible in the court of law. What is the name of the documentation that would help establish that?
Answer: Chain of Custody
Using pdfinfo, find out the author of the attached PDF file.
Answer: Ann Gree Shepherd
Using exiftool or any similar tool, try to find where the kidnappers took the image they attached to their document. What is the name of the street?
Enter the following command:
exiftool letter-image.jpg
Search the Lat/Long in Google Maps.
Answer: Milk Street
What is the model name of the camera used to take this photo?
Answer: Canon EOS R6
Recap
In this task we learnt:
- The basics of the Digital Forensics process
- How to use exiftool
- How to use pdfinfo